Meta Stops Iran Hackers’ WhatsApp Attack on US Officials

by Vidarbh Gupta

California: Meta, the company behind Facebook, Instagram, and WhatsApp, has announced that it has blocked a small group of accounts on WhatsApp. These accounts were pretending to be support agents from tech companies, which is a serious red flag.

Hackers Linked to Iran

The suspicious WhatsApp accounts were linked to a hacking group from Iran. This same group has also engaged in email phishing attacks. Their targets have included people close to President Joe Biden, Vice President Kamala Harris, and former President Donald Trump, along with other political and diplomatic officials. Meta disclosed this information in a statement on August 23.

Blocking the Accounts

Although Meta hasn’t found any evidence that the targeted WhatsApp accounts were actually compromised, it took the matter seriously. Meta has shared this information with law enforcement and other tech companies to help combat these threats.

Iran’s Influence on US Elections

Earlier, the US formally accused Iran of trying to disrupt the US presidential elections. On August 19, the Office of the Director of National Intelligence, the FBI, and the federal cybersecurity agency CISA issued a joint statement. They emphasized, “Iran sees this year’s elections as critical to its national security interests, making Tehran more inclined to influence the outcome.”

“We have observed increasingly aggressive Iranian activity during this election cycle, specifically targeting the American public and presidential campaigns,” the joint statement added.

Upcoming Presidential Polls

The US presidential elections are just around the corner, scheduled for November. The elections will feature a showdown between Vice President Kamala Harris, representing the Democratic Party, and former President Donald Trump, representing the Republicans. In its August 23 statement, Meta also said that the recent “malicious activity” originated in Iran. The hackers attempted to target individuals not only in the United States but also in Israel, Palestine, Iran, and the UK.

Hackers Pose as Support Agents

The hackers on WhatsApp pretended to be technical support for big tech companies like AOL, Google, Yahoo, and Microsoft. According to Meta, the security teams blocked a small cluster of “likely social engineering activity” after investigating user reports. The hackers tried to trick people into revealing sensitive information like their account passwords. Meta discovered this campaign after some victims reported suspicious messages to WhatsApp.

Linked to APT42

Meta’s investigation has tied these hacking attempts to APT42, also known as UNC788 and Mint Sandstorm. This Iranian threat actor is notorious for its persistent, adversarial campaigns. APT42 employs basic phishing tactics across the internet to steal credentials from people’s online accounts.

History of Targeting People

Meta has previously shared research about this group, which has targeted individuals in the West Asia region. Their targets have included the Saudi military, dissidents, and human rights activists from Israel and Iran. They have also aimed at US politicians and Iran-focused academics, activists, and journalists worldwide. Meta’s continuous efforts to expose and block such activities demonstrate its commitment to user security.

Stay tuned for more updates as we continue to monitor this evolving story. Remember to be cautious and verify the legitimacy of messages you receive, especially those asking for sensitive information.
