Meta said on Friday that it had blocked a “small cluster” of WhatsApp accounts linked to an Iranian hacking group targeting officials associated with President Joe Biden and former President Donald Trump.
The company said in a blog post that the fake WhatsApp accounts appear to be from the Iranian threat actor known as APT42, which other technology companies such as Google previously described as an “Iranian state-sponsored cyber espionage actor.” The group has targeted various activists, non-governmental organizations, media outlets, and others.
Meta said the scheme was designed to “exploit political and diplomatic officials and other public figures, including some associated with the administrations of President Biden and former President Trump.” The campaign also targeted people in Israel, Palestine, Iran and the United Kingdom.
With less than 75 days to go before the November election, Meta is increasingly coming under public scrutiny for the way it exploited and manipulated Facebook in the previous two presidential campaigns. The company said it had seen no evidence that WhatsApp users’ accounts had been compromised and was sharing further information with “law enforcement and our industry colleagues.”
Meta explained that its security team was able to detect APT42’s involvement after analyzing suspicious messages received by an unspecified number of users from the fraudulent WhatsApp accounts.
“These accounts posed as technical support for AOL, Google, Yahoo, and Microsoft,” Meta said in the blog post. “Some of the people targeted by APT42 reported these suspicious messages to WhatsApp using our in-app reporting tools.”
The Trump campaign said earlier this month that a foreign actor had infiltrated its network and illegally gained access to internal communications data. Microsoft also said at the time that it had identified several Iranian hacker groups attempting to influence the U.S. presidential election, and that a group linked to APT42 “sent a spear-phishing email to a senior presidential campaign official in June from the compromised email account of a former senior adviser.”
In 2019, Microsoft said it had identified several hackers with ties to the Iranian government who were suspected of targeting an unspecified U.S. presidential campaign, as well as other government officials and the media.
REGARD: Big Tech: too big to break up
