Meta, the parent company of Facebook, Instagram and WhatsApp, has said that its security teams blocked a small cluster of accounts on the WhatsApp messaging platform that were posing as support agents for tech companies.
The WhatsApp accounts were linked to a group of hackers affiliated with Iran, and the same group has also attempted email phishing attacks targeting people connected with US President Joe Biden, Vice President Kamala Harris and former US President Donald Trump, along with political and diplomatic officials, among others, Meta said in a statement on August 23.
Meta said it has not seen evidence the targeted WhatsApp accounts were successfully compromised, but said it has shared information with law enforcement and other tech companies.
Earlier, the US formally accused Iran of attempting to undermine the US presidential elections.
In a joint statement on August 19, the Office of the Director of National Intelligence, the FBI, and the federal cybersecurity agency CISA said, “Iran perceives this year’s elections to be particularly consequential in terms of the impact they could have on its national security interests, increasing Tehran’s inclination to try to shape the outcome.”
“We have observed increasingly aggressive Iranian activity during this election cycle, specifically involving influence operations targeting the American public and cyber operations targeting Presidential campaigns,” the statement read.
The US presidential polls are scheduled for this November, with a face-off between US Vice President Kamala Harris, the Democratic candidate, and former US President and Republican candidate Donald Trump.
Meta in its statement on August 23 said that the recent “malicious activity” originated in Iran and attempted to target individuals in Israel, Palestine, Iran, the United States and the UK.
It said that the hackers on WhatsApp pretended to be technical support for AOL, Google, Yahoo, and Microsoft.
The tech company said that a small cluster of “likely social engineering activity” on WhatsApp was blocked by its security teams after investigating user reports.
The hackers attempted to trick targets into revealing sensitive information, such as account passwords, the company said, adding that it identified the campaign after some of the targets reported suspicious messages to WhatsApp.
Meta said that its investigation linked the hacking attempts to APT42 (also known as UNC788 and Mint Sandstorm), an Iranian threat actor known for its persistent adversarial campaigns using basic phishing tactics across the internet to steal credentials to people’s online accounts.
The US company said that it had previously shared threat research related to the group targeting people in West Asia, including Saudi military, dissidents and human rights activists from Israel and Iran, politicians in the US, and Iran-focused academics, activists and journalists around the world.