Meta, the parent company of WhatsApp, announced on Friday that it has successfully blocked a group of fake WhatsApp accounts associated with an Iranian hacker group. This particular group was found to be targeting individuals working on U.S. presidential election campaigns.
The hackers employed a deceptive tactic by posing as tech support agents from well-known companies such as Google, Yahoo, and Microsoft. Their aim was to target high-profile individuals including political figures in the United States, the United Kingdom, Israel, and Iran.
Meta discovered this scheme after receiving reports from WhatsApp users about suspicious messages. It was revealed that these attempts were part of a broader phishing campaign orchestrated by APT42—a notorious hacking group known for stealing online credentials.
Although Meta did not find any evidence indicating that the targeted accounts had been compromised, they decided to take precautionary measures. The company shared its findings with law enforcement agencies and other tech companies in order to ensure everyone’s safety.
This hacker group is also known as UNC788 and Mint Sandstorm. Previously, they have been linked to attacks against various targets in the Middle East including the Saudi military, dissidents, human rights activists from Israel and Iran, politicians in the United States, as well as academics and journalists focused on Iran worldwide.
In a statement addressing this issue, Meta stated: “We have not seen evidence of the targeted WhatsApp accounts being compromised but out of an abundance of caution we’re sharing our findings publicly.” They emphasized their commitment to collaborating with law enforcement agencies and industry peers.
This incident comes shortly after the U.S. intelligence community expressed confidence that Iranian actors were responsible for hacking both political parties’ presidential campaigns—an effort aimed at interfering with the U.S. presidential election.
Google has also connected this same hacking group to Iran’s Revolutionary Guard. Earlier this month, Google’s threat intelligence arm reported that, since May this year, the group had attempted to infiltrate personal email accounts associated with around twelve individuals linked to both the Biden and Trump campaigns.
Microsoft had previously reported a suspected Iranian cyber intrusion into this year’s presidential election just days before these recent developments came to light.
The FBI has acknowledged that attempted hacks during U.S. presidential campaigns are not new occurrences but rather part of “increasingly aggressive Iranian activity” during each election cycle.
According to an assessment issued last month by the Office of the Director of National Intelligence on Iranian groups’ activities in cyberspace, their objective is to fuel distrust of U.S. institutions while increasing social discord, particularly by stoking tensions over the Israel-Gaza conflict using online personas and propaganda mills to spread disinformation.