
WhatsApp Shuts Down Iranian Hackers Targeting Trump and Biden Campaigns

Human rights activists in Israel and Iran were also targeted.

Meta shut down a small group of WhatsApp accounts allegedly associated with the government of Iran that were targeting staff from the political campaigns of former president Donald Trump and current President Joe Biden, according to a statement published online by the tech giant Friday. Iranian-linked hackers previously attempted to hack both the Trump and Biden campaigns, U.S. intelligence officials said earlier this week, though it’s not clear if there’s overlap between the operations.

The Iran-linked hacking group has been given the names APT42 (as well as UNC788 and Mint Sandstorm) by Western cybersecurity researchers and uses pretty straightforward social engineering tactics to steal credentials from high-value targets. Some of the targets included people “associated with the administrations of President Biden and former President Trump,” though Meta didn’t elaborate beyond that.

Other targets included unnamed people in the Middle East, including the Saudi military, along with human rights activists in Israel and Iran, academics who focus on Iran, and activists and journalists around the world, according to the statement from Meta. The company noted that it contacted law enforcement in the U.S. about the attempted phishing against Biden and Trump due to the “heightened threat environment” of the upcoming election.

“These accounts posed as technical support for AOL, Google, Yahoo, and Microsoft,” Meta explained. “Some of the people targeted by APT42 reported these suspicious messages to WhatsApp using our in-app reporting tools. Those reported messages enabled us to investigate this latest campaign and link it to the same hacking group responsible for similar attempts aimed at political, military, diplomatic and other officials, as reported by our industry peers at Microsoft and Google.”

The phishing attempts were reported to WhatsApp quickly enough that Meta believes the APT42 group was ultimately unsuccessful in hijacking the accounts they were after. But it’s impossible to know where they’ll pop up next. The social media company encourages anyone who may potentially be a target of cyber espionage to remain vigilant and report anything that seems suspicious.

“We continue to monitor information coming from our industry peers, our own investigations and user reports and will take action if we detect further attempts by malicious actors to target people on our apps,” Meta said. “We strongly encourage public figures, journalists, political candidates and campaigns to remain vigilant, take advantage of privacy and security settings, avoid engaging with messages from people they don’t know and report suspicious activity to us.”
