Nandini Roy Choudhury, writer
Brief news
- Meta has blocked a group of WhatsApp accounts linked to an Iranian espionage group targeting officials associated with former President Donald Trump and President Joe Biden.
- The fraudulent WhatsApp accounts were attributed to the Iranian threat actor APT42, known for targeting activists, NGOs, and media outlets.
- Meta’s security team identified APT42’s involvement by analyzing suspicious communications reported by targeted individuals, who received messages masquerading as technical support from AOL, Google, Yahoo, and Microsoft.
Detailed news
On Friday, Meta announced that it had blocked a “small grouping” of WhatsApp accounts linked to an Iranian espionage group that was targeting officials associated with former President Donald Trump and President Joe Biden.
The company stated in a blog post that the fraudulent WhatsApp accounts appeared to be the work of the Iranian threat actor known as APT42. This actor has already been referred to as an “Iranian backed by the state cyber spying actor” by other tech companies, such as Google. The group has targeted a variety of entities, including activists, non-governmental organizations, and media outlets.
Meta stated that the scheme was designed to target “political and diplomatic officials, as well as other public figures, including those associated with the administrations of President Biden and former President Trump.” The campaign also targeted individuals in the United Kingdom, Iran, Palestine, and Israel.
With the November election less than 75 days away, Meta is drawing heightened public attention because of the ways Facebook was exploited and manipulated in the two previous presidential campaigns. The company stated that it has not encountered any evidence of any WhatsApp users’ accounts being compromised and is currently exchanging additional information with “law enforcement and our industry peers.”
Meta stated that its security team was able to identify APT42’s involvement by examining suspicious communications that an indeterminate number of users reported receiving from the fraudulent WhatsApp accounts.
Meta stated in the blog post that these accounts were masquerading as technical support for AOL, Google, Yahoo, and Microsoft. “These suspicious messages were reported to WhatsApp by a portion of the individuals targeted by APT42, who utilized our in-app reporting tools.”
Earlier this month, the Trump campaign disclosed that a foreign actor had unlawfully obtained internal communications and compromised its network. At the time, Microsoft also disclosed that it had identified numerous Iranian hacking groups that were attempting to influence the U.S. presidential election. Additionally, it reported that a group affiliated with APT42 “sent a spear phishing email to a high-ranking official on a presidential campaign in June from the compromised email account of a former senior advisor.”
In 2019, Microsoft announced that it had identified a number of hackers associated with the Iranian government who were believed to have targeted an unspecified U.S. presidential campaign, as well as other government officials and media outlets.
Source: CNBC News

