Fake WhatsApp accounts connected to an Iranian hacker group have been blocked by Meta, the parent company of WhatsApp. The group, known as APT42 or UNC788, was previously identified by the U.S. intelligence community for targeting the campaigns of both President Trump and President-elect Biden. These hackers posed as tech support agents from reputable companies like Google, Yahoo, and Microsoft in an attempt to deceive high-profile individuals, including political figures in the United States, the United Kingdom, Israel, and Iran.
The scheme was exposed when WhatsApp users reported receiving suspicious messages. Meta, as a precautionary measure, decided to share its findings with law enforcement and other tech companies. It is important to note that there is no evidence to suggest that the targeted accounts were actually compromised. However, Meta wanted to ensure the safety and security of its users by taking the necessary steps to address the situation.
This incident is part of a larger effort by APT42 to conduct phishing campaigns aimed at stealing online credentials. The group, also known as Mint Sandstorm, has previously targeted individuals in the Middle East, including the Saudi military, dissidents, and human rights activists from Israel and Iran. They have also targeted politicians in the United States, as well as academics, activists, and journalists worldwide who focus on Iran.
In response to these findings, Meta released a statement sharing their concerns and actions taken. They emphasized that while there is no evidence of compromised accounts, they wanted to err on the side of caution and make their findings public. By doing so, they hope to raise awareness and prevent further attempts by APT42 to target individuals.
The U.S. intelligence community has expressed confidence that Iranian actors were behind the hack of both political parties’ presidential campaigns. Google’s threat intelligence arm has linked APT42 to Iran’s Revolutionary Guard, and Microsoft reported a suspected Iranian cyber intrusion in this year’s presidential election. The FBI acknowledges that these attempts to hack the U.S. presidential campaign are not new and are part of an ongoing pattern of “increasingly aggressive Iranian activity” during the election cycle.
The Office of the Director of National Intelligence has stated that Iranian groups are actively working to sow distrust in U.S. institutions and increase social discord. They have been using online personas and propaganda to spread disinformation, particularly in relation to the Israel-Gaza conflict. This assessment highlights the importance of remaining vigilant and taking necessary precautions to protect against cyber threats.
In conclusion, the blocking of fake WhatsApp accounts connected to an Iranian hacker group is a significant step in safeguarding the integrity of U.S. presidential campaigns. Meta’s proactive approach in sharing their findings and collaborating with law enforcement and other tech companies demonstrates their commitment to user security. It is crucial for individuals and organizations to stay informed and remain cautious in the face of ongoing cyber threats.
