At a Glance
| Actor / group | UNC5792 (linked to FSB Border Guards); UNC4221 (Russian military) |
|---|---|
| Activity | Phishing and account takeover via messaging device-linking abuse |
| Targets | U.S. and allied officials, military, diplomats, journalists, Ukraine-focused NGOs |
| Scale | Thousands of accounts compromised; up to $10 million reward offered |
| Status | State Department Rewards for Justice offer; no charges announced |
| Source | Rewards for Justice; FBI/CISA PSA I-062626-PSA |
TL;DR
The U.S. State Department is offering up to $10 million for information on UNC5792. This Russian-linked group ran phishing campaigns against Signal and WhatsApp accounts. Officials say no encryption was broken.
What Happened
Rewards for Justice named UNC5792 as the focus of its latest offer. According to the press release, the group “conducted widespread phishing campaigns targeting Signal and WhatsApp accounts” of U.S. officials and allied personnel.
The actors abused legitimate device-linking features. They altered “group invite” pages to link an attacker-controlled device to a victim’s Signal account. As a result, they read private messages and contact lists. They then ran further phishing from trusted accounts.
Notably, the activity “did not exploit any security vulnerability in the platforms’ encryption protections.” Instead, it relied on social engineering.
Who Is Behind It
Rewards for Justice associates UNC5792 with Russia’s FSB Border Guards. A second group, UNC4221, works on behalf of Russian military services. Google’s Threat Intelligence Group calls UNC5792 a suspected Russian espionage cluster. Attribution therefore points to Russian intelligence, though investigators use careful language.
Impact and Scale
The campaign has compromised thousands of messaging accounts worldwide. Victims include diplomats, defense staff, NATO officials, investigative journalists, and Ukraine-focused NGOs. The broad target list shows clear intelligence-gathering goals.
Beyond names and locations, Rewards for Justice wants details on the group’s infrastructure, funding sources, financial accounts, and cryptocurrency wallets. That focus suggests investigators aim to map the whole support network.
What Comes Next
The FBI and CISA updated their advisory on June 26. They warn that the actors now try to steal Signal backup recovery keys. To stay safe, open Linked Devices and remove anything you do not recognize. Never share codes, PINs, or recovery keys. You can submit tips through the Rewards for Justice UNC5792 page.