Ask Runable forDesign-Driven General AI AgentTry Runable For Free
Runable
Back to Blog
Technology7 min read

US offers $10 million for info on group behind Signal and WhatsApp hacking spree - Ars Technica

Operation by two Russia-state groups has been ongoing since at least March. Discover insights about us offers $10 million for info on group behind signal and wh

TechnologyInnovationBest PracticesGuideTutorial
US offers $10 million for info on group behind Signal and WhatsApp hacking spree - Ars Technica
Listen to Article
0:00
0:00
0:00

US offers $10 million for info on group behind Signal and Whats App hacking spree - Ars Technica

Overview

US offers $10 million for info on group behind Signal and Whats App hacking spree

Operation by two Russia-state groups has been ongoing since at least March.

Details

Federal authorities are offering a reward of up to $10 million for information leading to the identification or location of a Russian state cyber group that has compromised thousands of Signal and Whats App accounts belonging to investigative reporters and US government employees.

The operation has been active since at least March, when the FBI published an advisory warning of ongoing phishing campaigns targeting high-value targets by attackers associated with Russian intelligence services. Messages masquerading as automated support communications ask that users click a link or provide verification codes or account passcodes. In the event the user complies, they unknowingly link the attacker’s device to their account or have their account completely taken over and are locked out.

With that, the attackers can read any new messages sent to the compromised account. A safety feature built into Signal, however, prevents the attackers from reading any previous conversations. The messages are sent to “individuals of high intelligence value, such as current and former US government officials, military personnel, political figures, and journalists.”

Last week, the FBI published an update that said the campaign had evolved. In addition to trying to post as support bots trying to trick recipients into linking their account to an attacker device, the messages also urge users to create a backup of all previous communications following the directions here. A follow-up message then instructs the targets to send the long passcode that’s used to encrypt backups stored on Signal servers. With that, the attackers have access to past Signal conversations. The update said two Russian government groups responsible were tracked as UNC5792 and UNC4221.

Recently, attempts to hack users of our messenger with the connection of third-party devices to the account have become more frequent.

An investigation conducted jointly with the US government and European partners revealed that the attacks on accounts were carried out by hackers from Iran and post-Soviet countries.

Not to lose your messages and media, set up your Signal Backup (Settings -> Backups -> Enable backups -> View recovery key -> Copy to clipboard -> Next -> Enter the recovery key -> Next -> Continue -> Choose your backup plan).

Click the “Accept” button in the pop-up and stay tuned for security updates on our messenger.

Stay safe and thank you for using the most secure messenger with end-to-end encryption.

Action Required: Data Recovery Needed Your Signal Account data (messages and media) is at risk of permanent loss due to a sync issue. To avoid losing your messages and media: Go to Settings -> Backups -> Configure -> Enable Backups -> View Recovery Key. Copy the recovery key to your clipboard. Paste the key into this chat. This links your existing backup to your account. Failure to do this may result in losing access to your account and all stored data.

Your Signal Account data (messages and media) is at risk of permanent loss due to a sync issue.

Go to Settings -> Backups -> Configure -> Enable Backups -> View Recovery Key.

This links your existing backup to your account. Failure to do this may result in losing access to your account and all stored data.

On Monday, the US State Department said it was offering up to $10 million for information on the identities or locations of any of the people involved in the campaign. The reward is being offered under the State Department’s Reward for Justice program, or simply RFJ. The post said that in some cases, the attackers were abusing a Signal feature that allows users to create links to invite others to group discussions.

“Under this reward offer, RFJ is seeking information on UNC5792, a malicious cyber group associated with the Russian Federal Security Service (FSB) Border Guards and UNC4221, a malicious group of cyber actors working on behalf of the Russian military services,” Monday’s post read. “UNC5792 has conducted widespread phishing campaigns targeting Signal and Whats App accounts of US government officials, military leadership, and allied personnel.” The post continued:

In some instances, UNC5792 actors altered legitimate “group invite” pages to redirect users to a malicious URL that linked a UNC5792-controlled device to the victim’s Signal account. Although these malicious cyber activities did not exploit any security vulnerability in the platforms’ encryption protections, they have compromised thousands of individual commercial messaging application accounts.

In some instances, UNC5792 actors altered legitimate “group invite” pages to redirect users to a malicious URL that linked a UNC5792-controlled device to the victim’s Signal account. Although these malicious cyber activities did not exploit any security vulnerability in the platforms’ encryption protections, they have compromised thousands of individual commercial messaging application accounts.

The RFJ went on to say that the campaign has already compromised thousands of messenger accounts.

It may be hard for many to fathom the possibility of US intelligence officers, diplomats, or journalists falling for the scam. The fact remains that it only takes a moment for someone who is fatigued, sleep-deprived, or otherwise unguarded to act on the messages. Phishing remains one of the most effective means of gaining access to accounts, despite the relatively unsophisticated technical prowess required.

If someone provides their backup key in their response, they must generate a new backup recovery key. “To mitigate this risk, the user must generate a new Backup Recovery Key within the Settings control; this action will invalidate the previous key for all future backup downloads,” the FBI said in last week’s advisory. “However, please note that this does not prevent the actor from having already downloaded a backup of the original account.”

Legitimate CMA support services will not request verification codes within the application. CMA support services do not send users links to “verify” or “restore” accounts. They should never provide a verification code without confirming the request comes from a legitimate CMA communication channel.

Legitimate CMA support services will not request verification codes within the application.

CMA support services do not send users links to “verify” or “restore” accounts.

They should never provide a verification code without confirming the request comes from a legitimate CMA communication channel.

As always, it’s a good idea to resist taking on the feeling of urgency that’s often conveyed in such messages. There is rarely a penalty for waiting an extra hour or two to act, even when responding to legitimate requests.

  1.          Why did this journal retract two 1940s papers by Max Planck?
    
  2.          NASA's X-59 "frankenjet" tests supersonic flight without the sonic boom
    
  3.          Apple and Audi alumni have made a luxe EV based on the moon buggy
    
  4.          In a bold move, Rocket Lab acquires Iridium Communications
    
  5.          Feds deny Polestar authorization to sell cars in US from model year 2027
    

Ars Technica has been separating the signal from the noise for over 25 years. With our unique combination of technical savvy and wide-ranging interest in the technological arts and sciences, Ars is the trusted source in a sea of information. After all, you don’t need to know everything, only what’s important.

Key Takeaways

  • US offers $10 million for info on group behind Signal and Whats App hacking spree

  • Operation by two Russia-state groups has been ongoing since at least March

  • Federal authorities are offering a reward of up to $10 million for information leading to the identification or location of a Russian state cyber group that has compromised thousands of Signal and Whats App accounts belonging to investigative reporters and US government employees

  • The operation has been active since at least March, when the FBI published an advisory warning of ongoing phishing campaigns targeting high-value targets by attackers associated with Russian intelligence services

  • With that, the attackers can read any new messages sent to the compromised account

Cut Costs with Runable

Cost savings are based on average monthly price per user for each app.

Which apps do you use?

Apps to replace

ChatGPTChatGPT
$20 / month
LovableLovable
$25 / month
Gamma AIGamma AI
$25 / month
HiggsFieldHiggsField
$49 / month
Leonardo AILeonardo AI
$12 / month
TOTAL$131 / month

Runable price = $9 / month

Saves $122 / month

Runable can save upto $1464 per year compared to the non-enterprise price of your apps.