Meta uncovers Iranian state-sponsored hacking group APT42 attempting to exploit Biden and Trump officials via WhatsApp.
Meta announced on Friday that it has taken action against a “small cluster” of WhatsApp accounts associated with an Iranian hacking group known as APT42, which targeted officials linked to President Joe Biden and former President Donald Trump. The accounts, originating from this Iranian state-sponsored cyber espionage actor, aimed to exploit political and diplomatic figures in the U.S., Israel, Palestine, Iran, and the U.K.
APT42, which has been previously described by companies like Google as an Iranian state-backed cyber espionage group, has a history of targeting activists, non-governmental organizations, media outlets, and various public figures. This latest campaign focused on high-profile individuals associated with both current and former U.S. administrations.
With the U.S. presidential election looming, Meta’s actions are under heightened scrutiny, especially given past instances where its platforms have been manipulated during electoral campaigns. Despite the discovery of the fraudulent accounts, Meta stated that it found no evidence indicating that any WhatsApp user accounts were compromised. The company is working closely with law enforcement and industry partners to share insights and bolster defenses against such threats.
Meta’s security team was able to identify the involvement of APT42 by analyzing reports from users who received suspicious messages from these fake WhatsApp accounts. The messages posed as technical support from companies like AOL, Google, Yahoo, and Microsoft, attempting to deceive the recipients into divulging sensitive information.
“The malicious accounts impersonated customer support for major tech companies, aiming to gain trust and extract information from targeted individuals,” Meta detailed in its blog post.
Earlier in the month, the Trump campaign reported a security breach, alleging that a foreign actor had compromised its network and accessed internal communications. Around the same time, Microsoft identified several Iranian hacking groups, including one associated with APT42, which sent spear-phishing emails to a high-ranking official on a presidential campaign from the compromised account of a former senior advisor.
The latest findings by Meta and Microsoft underscore ongoing efforts by Iranian state-sponsored hackers to interfere in U.S. political processes. In 2019, Microsoft also reported that Iranian government-linked hackers targeted a U.S. presidential campaign and other government officials and media entities, indicating a sustained campaign to infiltrate and disrupt U.S. political affairs.
As the election draws near, Meta’s vigilance against cyber threats highlights the continuing risk that state-sponsored actors pose to democratic processes. The company’s proactive measures in identifying and disabling these accounts are crucial in maintaining the integrity of online communications for public officials and safeguarding against potential election interference.