The United States has announced a reward of up to $10 million for information that could lead to the identification of individuals associated with two cyber threat groups linked to Russian intelligence. These groups, tracked as UNC5792 and UNC4221, have been implicated in targeting individuals across various sectors, including current and former US government officials, military leaders, journalists, and political figures, with a particular focus on those in Ukraine.
Targeted Phishing Campaigns on Messaging Apps
According to a March alert issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), these cyber groups have focused their phishing efforts on commercial messaging applications (CMAs). By masquerading as automated support accounts for these platforms, the attackers deceive victims into clicking malicious links or providing verification codes, effectively gaining control over accounts on popular messaging services like Signal and WhatsApp.
More recently, CISA and the FBI have observed a shift in the attackers’ tactics. The attackers now request victims’ Backup Recovery Keys, allowing them to access past conversations, including private and group messages. The agencies emphasize that even if victims create new accounts using the same phone number, the compromised Backup Recovery Key remains valid, posing ongoing security risks.
Mitigation and Security Measures
To mitigate these threats, users are advised to generate new Backup Recovery Keys, which invalidates the old ones and restricts unauthorized access. However, CISA and the FBI caution that attackers may have already downloaded data from compromised accounts, highlighting the importance of ongoing vigilance.
The threat actors, identified as part of the Russian intelligence services, use advanced social engineering tactics to exploit legitimate features in secure messaging apps. These actions grant them unauthorized access to sensitive communications and contact lists, and enable them to launch further phishing attacks. In some cases, attackers have altered group invite pages to link their devices to victims’ accounts on platforms like Signal.
US Government’s Response and Call for Information
The US government’s $10 million reward underscores the seriousness of these threats. It seeks comprehensive information on the identities, locations, and affiliations of UNC5792 actors, as well as details regarding their infrastructure and financial networks. This initiative is part of broader efforts to combat cyber threats linked to Russian intelligence services.
By offering substantial financial incentives, the US aims to gather critical intelligence to dismantle these cyber threat networks. The ongoing attacks illustrate the evolving nature of cybersecurity threats and the need for robust defenses and international cooperation to protect sensitive information from malicious actors.
