US offers $10 million for info on group behind Signal and WhatsApp hacking spree

Federal authorities are offering a reward of up to $10 million for information leading to the identification or location of a Russian state cyber group that has compromised thousands of Signal and WhatsApp accounts belonging to investigative reporters and US government employees. The operation has been active since at least March, when the FBI published an advisory warning of ongoing phishing campaigns targeting high-value targets by attackers associated with Russian intelligence services. Messages masquerading as automated support communications ask that users click a link or provide verification codes or account passcodes. In the event the user complies, they unknowingly link the attacker’s device to their account or have their account completely taken over and are locked out. Thousands of accounts already compromised With that, the attackers can read any new messages sent to the compromised account. A safety feature built into Signal, however, prevents the attackers from reading any previous conversations. The messages are sent to “individuals of high intelligence value, such as current and former US government officials, military personnel, political figures, and journalists.” Last week, the FBI published an update that said the campaign had evolved. …