Advertisement

Voting is open for the 2024 CyberScoop 50 awards! 

Click here!

Meta deep-sixes WhatsApp accounts tied to Iranian hacking group 

The tech giant believes it is another instance of Iranian hackers attempting to meddle in U.S. politics and the upcoming presidential election.

By

encryption
The recent flaw in WhatsApp does not mean encryption is a gimmick. (<a href="https://flic.kr/p/RjpgAw">Jeso Carneiro</a>/Flickr)

Meta security teams blocked “a small cluster” of WhatsApp accounts associated with APT42, an Iranian government-backed group accused by  U.S. officials of hacking into the Trump campaign’s email accounts, the company said Friday.

According to a blog post from Meta, the Iranian-linked accounts were “likely” for social engineering purposes, with the actors posing as tech support for companies like AOL, Google, Yahoo and Microsoft. Impersonating IT support employees is a tactic that has at times proven to be successful in helping malicious cyber groups steal high-value credentials for major businesses and organizations, but in this case, intended victims flagged the activity using WhatsApp’s reporting tools.

The accounts targeted individuals in Israel, Palestine, Iran, the United States and the United Kingdom, in what Meta believes is another instance of Iranian hackers attempting to meddle in U.S. politics and the upcoming presidential election.

“This effort appeared to have focused on political and diplomatic officials, and other public figures, including some associated with administrations of President Biden and former President Trump,” the company wrote.

Advertisement

Meta could only say it found  no evidence of compromised accounts and  its information “suggests” the attempts were unsuccessful.

Meta’s actions  follow a flurry of recent reporting that accuses Iran’s government of attempting to interfere in the U.S. presidential election. Earlier this month, Microsoft first reported that Iranian hackers attempted to use a former senior adviser’s compromised email account to spearphish a high-ranking presidential campaign official. 

Google later reinforced those findings with its own research, saying it had observed Iranian actors linked to Iran’s Islamic Revolutionary Guard Corps attempting to pilfer credentials from people associated with the Trump and Biden campaigns.

Earlier this week, the Office of the Director of National Intelligence, the FBI and the Cybersecurity and Infrastructure Security Agency said that incident helped to lay the groundwork for a hack-and-leak effort by APT42 targeting the Trump campaign, vice presidential candidate JD Vance and campaign associates. Intelligence officials said Vice President Kamala Harris’ presidential campaign has also been targeted by Iranian hackers.  

Derek B. Johnson

Written by Derek B. Johnson

Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

In This Story

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

US Vice President and 2024 Democratic presidential candidate Kamala Harris speaks on the fourth and last day of the Democratic National Convention (DNC) at the United Center in Chicago, Illinois, on August 22, 2024. Harris was among multiple politicians denigrated by the Chinese-linked group Spamouflage. (Photo by ANDREW CABALLERO-REYNOLDS / AFP) (Photo by ANDREW CABALLERO-REYNOLDS/AFP via Getty Images)

Disinfo group Spamouflage more aggressively targeting U.S. elections, candidates

Graphika report finds the Chinese-linked group has been creating American personas online and spreading content designed to denigrate both parties and candidates. 
By Derek B. Johnson

Latest Podcasts

We’re back! RunSafe CEO Joe Saunders on secure-by-design in IoT devices

Ted Schlein on the cybersecurity industry and the latest twist in the Trump-Iran hacking saga

Hack-and-leak op targets Trump; a technical deep dive with John Hammond on the CrowdStrike outage

A deep dive with Tim Starks on the Biden administration’s cybersecurity initiatives

Government

Technology

Threats

Geopolitics