The US Department of State is offering a reward of up to $10 million for information that helps identify or locate members of the UNC5792 and UNC4221 hacker groups, which authorities say are linked to Russia's intelligence and military services. The reward is being offered through the Rewards for Justice program, which focuses on foreign state-backed cyber threats targeting US critical infrastructure.
According to the announcement, UNC5792 is associated with the Russian Federal Security Service (FSB) Border Guards, while UNC4221 is believed to operate on behalf of the Russian military. US authorities say UNC5792 has carried out phishing campaigns targeting Signal and WhatsApp accounts belonging to US government officials, military leaders, and allied personnel.
The US government is seeking information about the groups' members, locations, affiliations, operational infrastructure, funding sources, banking relationships, cryptocurrency wallets, and other financial networks supporting their activities.
Last week, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) updated a March 2026 advisory with new tactics linked to the two groups. Officials said the hackers have been impersonating Signal support staff in direct messages, claiming users must complete a mandatory two-factor verification process. The scheme is designed to trick victims into sharing their Signal Backup Recovery Keys, allowing attackers to gain access to previous conversations stored on the platform.