Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp

Summary:
Meta shared insights on a small cluster of likely social engineering activity on WhatsApp that its security team was able to block after investigating user reports. This activity, which originated from Iran, attempted to target individuals in Israel, Palestine, Iran, the United States and the UK, focusing on political and diplomatic officials and other public figures, including some associated with the administrations of President Biden and former President Trump. Meta linked the activity cluster to APT 42 (aka UNC788 and Mint Sandstorm), an Iranian threat actor known for persistent adversarial campaigns that use basic phishing tactics across the internet to steal credentials to people’s online accounts.

Based on the latest reports made by users to Meta, APT 42 employed WhatsApp accounts masquerading as technical support for AOL, Google, Yahoo, and Microsoft. These efforts were unsuccessful and the accounts have since been blocked by Meta. Given the heightened threat environment ahead of the US election, Meta says it has shared information about this malicious activity with law enforcement and with the presidential campaigns to encourage them to stay cautious against potential adversarial targeting.

Security Officer Comments:
The development comes after the U.S. government warned about an increase in Iranian activity targeting the American public as well as presidential campaigns. Microsoft and Google recently published advisories highlighting similar activity. Iran has been one of the main instigators of these campaigns, in which cyber operations are launched to attempt to gain access to sensitive information related to U.S. elections and to spread propaganda to shape the outcome of the US election.

Suggested Corrections:
Public figures, journalists, political candidates and campaigns have been advised to remain vigilant, take advantage of privacy and security settings, avoid engaging with messages from people they don’t know and report suspicious activity.

Link(s):
https://about.fb.com/news/2024/08/taking-action-against-malicious-accounts-in-iran/
https://thehackernews.com/2024/08/meta-exposes-iranian-hacker-group.html