Meta recently announced that it had blocked a "small cluster" of WhatsApp accounts connected to an Iranian hacking group targeting officials associated with President Joe Biden and former President Donald Trump. The social media company revealed that the bogus WhatsApp accounts were linked to the Iranian threat actor known as APT42, which has been previously described as an "Iranian state-sponsored cyber espionage actor" by other tech companies like Google.
The scheme was aimed at exploiting political and diplomatic officials, as well as other public figures, including individuals associated with the administrations of President Biden and former President Trump. The campaign also targeted people in Israel, Palestine, Iran, and the U.K.
Meta's security team detected APT42's involvement after analyzing suspicious messages reported by users who had received them from the fraudulent WhatsApp accounts. These accounts posed as technical support for popular email services like AOL, Google, Yahoo, and Microsoft.
The revelation comes as Meta faces increased scrutiny over the potential misuse and manipulation of its platforms in the lead-up to the November election. The company stated that it had not found any evidence of compromised WhatsApp accounts and is cooperating with law enforcement and industry peers to address the issue.
This incident follows reports from the Trump campaign and Microsoft earlier this month regarding foreign actors attempting to influence the U.S. presidential election. Microsoft identified several Iranian hacking groups, including one affiliated with APT42, engaged in spear phishing tactics targeting high-ranking officials on presidential campaigns.
In 2019, Microsoft also identified hackers linked to the Iranian government targeting a U.S. presidential campaign, along with government officials and media outlets. The ongoing efforts by foreign actors to interfere in U.S. elections highlight the importance of cybersecurity and vigilance in safeguarding against such threats.