Meta said Friday it has blocked a group of fake WhatsApp accounts connected to an Iranian hacker group that was identified as being behind the targeting of staffers working on U.S. presidential election campaigns.
The hackers were pretending to be tech support agents from well-known companies like Google, Yahoo, and Microsoft and attempting to target high-profile individuals, including political figures in the United States, the United Kingdom, Israel, and Iran.
The scheme was uncovered after WhatsApp users reported suspicious messages, Meta said. The attempts were part of a broader effort by APT42, a group known for phishing campaigns aimed at stealing online credentials.
Meta didn’t find any evidence that these targeted accounts were actually hacked. As a precaution, the company decided to share its findings with law enforcement and other tech companies.
The hacker group, also known as UNC788 and Mint Sandstorm, was previously linked to the targeting of people in the Middle East, including the Saudi military, dissidents, and human rights activists from Israel and Iran, politicians in the United States, and Iran-focused academics, activists, and journalists around the world, Meta said.
“We have not seen evidence of the targeted WhatsApp accounts being compromised, but out of an abundance of caution, we’re sharing our findings publicly, in addition to sharing information with law enforcement and our industry peers,” Meta said in a statement.
Google has linked the same hacking group to Iran’s Revolutionary Guard. Earlier this month, the tech giant’s threat intelligence arm stated that the same Iranian group had attempted to infiltrate the personal email accounts of around a dozen individuals associated with Biden and Trump since May.
Microsoft had also reported a suspected Iranian cyber intrusion in this year’s presidential election just days earlier.
The FBI has said that the attempted hack of the U.S. presidential campaign is not new and is part of “increasingly aggressive Iranian activity” during the current election cycle.
The Office of the Director of National Intelligence said in an IC assessment last month that Iranian groups are working to fuel distrust toward U.S. institutions and increase social discord. The assessment states that the groups have notably been stoking tensions over the Israel-Gaza conflict using “vast webs of online personas and propaganda mills to spread disinformation.”
