Meta deep-sixes WhatsApp accounts tied to Iranian hacking group 

The tech giant believes it is another instance of Iranian hackers attempting to meddle in U.S. politics and the upcoming presidential election.
The recent flaw in WhatsApp does not mean encryption is a gimmick. (Jeso Carneiro/Flickr, https://flic.kr/p/RjpgAw)

Meta security teams blocked “a small cluster” of WhatsApp accounts associated with APT42, an Iranian government-backed group accused by U.S. officials of hacking into the Trump campaign’s email accounts, the company said Friday.

According to a blog post from Meta, the Iranian-linked accounts were “likely” for social engineering purposes, with the actors posing as tech support for companies like AOL, Google, Yahoo and Microsoft. Impersonating IT support employees is a tactic that has at times proven to be successful in helping malicious cyber groups steal high-value credentials for major businesses and organizations, but in this case, intended victims flagged the activity using WhatsApp’s reporting tools.

The accounts targeted individuals in Israel, Palestine, Iran, the United States and the United Kingdom, in what Meta believes is another instance of Iranian hackers attempting to meddle in U.S. politics and the upcoming presidential election.

“This effort appeared to have focused on political and diplomatic officials, and other public figures, including some associated with administrations of President Biden and former President Trump,” the company wrote.

Meta could only say it found no evidence of compromised accounts and its information “suggests” the attempts were unsuccessful.

Meta’s actions follow a flurry of recent reporting that accuses Iran’s government of attempting to interfere in the U.S. presidential election. Earlier this month, Microsoft first reported that Iranian hackers attempted to use a former senior adviser’s compromised email account to spearphish a high-ranking presidential campaign official.

Google later reinforced those findings with its own research, saying it had observed Iranian actors linked to Iran’s Islamic Revolutionary Guard Corps attempting to pilfer credentials from people associated with the Trump and Biden campaigns.

Earlier this week, the Office of the Director of National Intelligence, the FBI and the Cybersecurity and Infrastructure Security Agency said that incident helped to lay the groundwork for a hack-and-leak effort by APT42 targeting the Trump campaign, vice presidential candidate JD Vance and campaign associates. Intelligence officials said Vice President Kamala Harris’ presidential campaign has also been targeted by Iranian hackers.  

Written by Derek B. Johnson

Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.