Meta has recently blocked a “small cluster” of WhatsApp accounts connected to Iranian hackers who targeted officials associated with both President Joe Biden and former President Donald Trump.
Who Is Behind the WhatsApp Accounts?
In a blog post, Meta attributed these accounts to the cyber espionage group tracked as APT42, also referred to as UNC788 and Mint Sandstorm. Meta and other vendors link the group to Iran's Islamic Revolutionary Guard Corps, and it has a documented history of targeting activists, non-governmental organizations, journalists, and other public figures.
The WhatsApp accounts were part of a broader campaign aimed at political and diplomatic officials and other high-profile individuals, including people associated with the Biden and Trump administrations. The targeting also extended to individuals in Israel, Palestine, Iran, and the United Kingdom.
According to Meta, the operators posed as technical support representatives from well-known email providers such as AOL, Google, Yahoo, and Microsoft. The impersonation was a social engineering lure intended to compromise the targets' accounts, most likely by walking them through a fake account "recovery" or "security" procedure. The practical takeaway for potential targets is that none of these providers initiate support contact over WhatsApp; an unsolicited message claiming to be support for a third-party email service should be treated as phishing regardless of the brand it claims, and reported rather than answered.
How Meta Detected the Threat
Meta's security team identified APT42's involvement after users reported suspicious messages from these fraudulent WhatsApp accounts through the in-app reporting tools, which prompted the investigation. Meta said it found no evidence that the targeted WhatsApp accounts had been compromised, a finding that necessarily covers only what Meta can observe on its own platform, not the email accounts the lures were built around. The company nonetheless reported the activity to law enforcement and shared indicators with industry peers to help mitigate further attempts.
The disclosure comes at a sensitive time, with fewer than 75 days remaining before the U.S. November election. Meta, as the parent company of Facebook, has faced increased public scrutiny because its platforms were exploited and manipulated during previous presidential campaigns. The company says it is actively cooperating with law enforcement and other technology companies to prevent similar incidents.
Adding to the security challenges, the Trump campaign revealed earlier this month that a foreign actor had compromised its network, gaining unauthorized access to internal communications.
Around the same time, Microsoft reported detecting attempts by several Iranian hacking groups, including those linked to APT42, to influence the U.S. presidential election. According to Microsoft, a spear-phishing email was sent in June to a high-ranking official of a presidential campaign using the compromised email account of a former senior advisor. Microsoft had previously identified hackers connected to the Iranian government as having targeted a U.S. presidential campaign, government officials, and media personnel as early as 2019.