Meta has shut down a small group of WhatsApp accounts allegedly linked to the Iranian government that targeted the political campaigns of former President Donald Trump and current President Joe Biden, according to a statement posted online by the tech giant on Friday. personnel. U.S. intelligence officials said earlier this week that Iran-linked hackers had previously attempted to target the Trump and Biden campaigns, but it was unclear whether there was overlap between those operations.
Western cybersecurity researchers named the Iran-linked hacking group APT42 (along with UNC788 and Mint Sandstorm) and used fairly simple social engineering tactics to steal the credentials of high-value targets. Some of those targets included “people associated with the administrations of President Biden and former President Trump,” although Mehta did not elaborate.
Other targets included anonymous individuals in the Middle East, including the Saudi Arabian military, as well as human rights activists in Israel and Iran, academics focused on Iran, and activists and journalists around the world, according to Meta’s statement. The company noted that it had contacted U.S. law enforcement about phishing attempts targeting Biden and Trump due to the “heightened threat environment” ahead of the upcoming election.
“These accounts impersonated AOL, Google, Yahoo and Microsoft technical support,” Mehta explained. “Some of APT42’s targeted users reported these suspicious messages to WhatsApp using our in-app reporting tool. Information from these reports allowed us to investigate this latest campaign and link it to those responsible for targeting political, military, diplomatic and other officials. Similar attempts have been linked to the same hacking group, as reported by our industry peers at Microsoft and Google.
The phishing attempt was quickly reported to WhatsApp, and Meta believes the APT42 group was ultimately unsuccessful in hijacking the account they were after. But it’s impossible to know where they will appear next. The social media company encourages anyone who may be the target of cyber espionage to be vigilant and report anything suspicious.
“We will continue to monitor information from industry peers, our own investigations and user reports and will take action if we detect further attempts by malicious actors to target users on our apps,” Meta said. “We strongly encourage public figures to , reporters, political candidates, and campaigns to be vigilant, use privacy and security settings, avoid messages from people they don’t know, and report suspicious activity to us.”
