The US Department of State is offering a reward of up to $10 million to anyone who can help it identify and locate members of the Russia-linked UNC5792 and UNC4221 hacking groups.

UNC4221 works on behalf of the Russian military services while UNC5792 is associated with the Russian Federal Security Service (FSB), and has carried out phishing campaigns targeting the Signal and WhatsApp accounts of US government officials, military leadership, and allied personnel.

“Using social engineering techniques, these malicious cyber actors exploit legitimate device-linking features in these secure messaging applications to gain unauthorized access to sensitive government communications, contact lists, and group conversations,” said the US Department of State. “After compromising an account, the malicious actors were also able to send messages and conduct additional phishing against other accounts using those same commercial messaging applications.”

In some cases, UNC5792 actors altered legitimate group invite pages to redirect users to a malicious URL that linked a hacker-controlled device to the victim’s Signal account.

Officials said that while these activities did not exploit vulnerabilities in either platform’s encryption standards, they successfully compromised “thousands of individual commercial messaging application accounts”.

Targets included US government officials, diplomatic personnel and foreign affairs officials, defense and national security personnel, policy analysts and advisors, NATO member-state officials and diplomats, and allied intelligence and defense partners. The group also went after investigative journalists covering Russia, Ukraine, and international affairs, NGOs providing support and assistance to Ukraine, and academic researchers in security studies and Russian affairs.

Valuable intel

The announcement of the reward follows an advisory issued by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) last week, which warned of continued activity by the two groups as well as a change in tactics aimed at harvesting victims’ backup recovery keys.

“If a victim inadvertently shares their backup recovery key, that same key remains valid even if they create a new account following the compromise using the same phone number,” the advisory warned. “Consequently, the actor could potentially use the compromised key to take over the new account in the future as well.”

The department gives a list of what information it seeks, including:

- Names
- Locations
- Biographical information on UNC5792 members
- Affiliations with Russian intelligence services
- Identities of personnel providing technical support
- Contractors or third-party entities providing services

It’s also seeking information on domain names, server locations, hosting providers, data storage and processing infrastructure, and technical tools, frameworks, and software used in operations.

Elsewhere, officials are keen to hear about the financial side of operations, including:

- Funding sources
- Financial accounts and banking relationships
- Cryptocurrency wallets
- Payments for infrastructure
- Financial networks supporting operations

Anyone with dirt on either of the two groups can submit their tip here, uploading relevant files such as photographs, videos, and documents.



