The United States is offering a reward of up to $10 million for information on Russian state-linked hackers accused of targeting Signal users, including NATO officials, government personnel, journalists, and people connected to Ukraine.
The reward was announced under the US State Department’s Rewards for Justice program, which seeks information on foreign cyber actors acting against US national security interests. The campaign has been linked to Russian intelligence services and focuses on compromising secure messaging accounts through social engineering rather than breaking encryption.
According to US authorities, the attackers have targeted users of Signal by trying to obtain sensitive account recovery information. In recent warnings, the FBI and CISA said Russian intelligence-linked hackers have shifted from stealing verification codes to targeting Signal Backup Recovery Keys, which can allow attackers to restore encrypted message backups and access past conversations.
The activity is especially concerning because Signal is widely used by officials, activists, journalists, military personnel, and diplomatic staff who rely on encrypted messaging for sensitive communications. By obtaining recovery keys or other account access credentials, attackers may be able to read backed-up messages without exploiting a vulnerability in Signal itself.
US agencies have attributed the activity to Russian Intelligence Services, including groups associated with the FSB and military intelligence-linked operations. The campaign reportedly overlaps with activity tracked by security researchers as UNC5792 and UNC4221.
The attacks are designed to look like legitimate security or recovery prompts. Victims may receive messages claiming that they need to enable backups, complete a security update, or prevent message loss. The goal is to convince the user to share recovery information voluntarily.
Authorities stressed that Signal itself has not been hacked. The risk comes from phishing and social engineering, where attackers manipulate users into handing over credentials or recovery keys that should never be shared.
The US government is asking anyone with information about the hackers, their infrastructure, their operators, or related activity to come forward. Eligible tips could receive up to $10 million if they help identify or locate individuals acting under the direction or control of a foreign government.
The warning comes amid growing concern over Russian cyber operations aimed at NATO members, Ukraine-linked targets, and Western government officials. Secure messaging platforms have become high-value targets because they often contain sensitive political, diplomatic, and military communications.
Security agencies advise Signal users to never share verification codes, PINs, or Backup Recovery Keys, even if a request appears to come from Signal support. Users should also review linked devices, remove unfamiliar sessions, and generate a new recovery key if they believe the old one may have been exposed.