U.S. Offers $10 Million Bounty for Information on Russian Hackers Targeting Signal, WhatsApp Users
The U.S. Department of State has announced a reward of up to $10 million for intelligence leading to the identification or location of members of the **UNC5792** and **UNC4221** hacker groups. These groups, allegedly linked to Russian intelligence and military services, are accused of widespread phishing campaigns targeting secure messaging apps like **Signal** and **WhatsApp** used by U.S. government officials, military leadership, and allied personnel.

The **U.S. Department of State** has launched a significant initiative under its "Rewards for Justice" (**RFJ**) program, offering a substantial reward for information on two malicious cyber groups. The bounty aims to counter foreign state actors conducting cyberattacks against U.S. critical infrastructure.
### Targeting Russian-Linked Cyber Groups
The **RFJ** program is specifically seeking details on **UNC5792**, a group associated with the **Russian Federal Security Service (FSB)** Border Guards, and **UNC4221**, which operates on behalf of Russian military services. Both groups are implicated in sophisticated cyber operations.
According to the U.S. government's announcement, **UNC5792** has executed extensive phishing campaigns. These campaigns specifically target **Signal** and **WhatsApp** accounts belonging to U.S. government officials, military leadership, and allied personnel.
### Information Sought
The U.S. government is keenly interested in a range of information concerning **UNC5792** and **UNC4221**, including:
* Names, locations, biographies, and affiliations of actors and supporting personnel.
* Links to Russian intelligence services, contractors, and third-party service providers.
* Operational infrastructure, such as domains, servers, hosting, data storage, tools, frameworks, and software.
* Funding sources, financial accounts, banking relationships, and payment mechanisms.
* Cryptocurrency wallets, blockchain transactions, and financial networks supporting their operations.
### Evolving Tactics and Signal Vulnerabilities
In a recent update, the **FBI** and **CISA** revised a March 2026 advisory to detail new tactics employed by these threat groups. A notable development is the observed theft of **Signal Backup Recovery Keys**.
Hackers are reportedly impersonating **Signal** support agents through direct messages. They inform targets of a mandatory two-factor verification process, a deceptive maneuver designed to trick users into revealing their data backup key. With that key, the attackers gain unauthorized access to a victim's past communications on the platform.
### Undermining End-to-End Encryption
U.S. authorities emphasize that while the underlying encryption of communication platforms remains uncompromised, these social engineering attacks are highly effective at siphoning private data. The **RFJ** announcement confirms that thousands of individual accounts across commercial messaging applications have been compromised through these methods.
Typical targets extend beyond government and military figures to include **NATO** officials, diplomatic personnel, defense and intelligence officers, policy analysts, journalists covering Russia and Ukraine, NGOs supporting Ukraine, and researchers focused on security and Russian affairs.
### User Vigilance is Key
**Signal** users are strongly advised to remember that legitimate support teams communicate exclusively via official company email addresses. They will never request verification codes within the application or send links asking for account verification, recovery, or restoration. Staying vigilant against such phishing attempts is crucial for maintaining digital security.