Social media giant Meta Platforms said it has uncovered a cyber espionage campaign by an Iran-linked threat actor targeting the WhatsApp accounts of officials in both the Biden and Trump administrations. The group, identified as APT42, is believed to have also targeted the Democratic and Republican presidential campaigns in the past.
APT42, also known as UNC788 and Mint Sandstorm, has a history of persistent phishing campaigns aimed at political, military, diplomatic, and other officials, often using basic phishing tactics to steal online credentials.
The cyber attackers, posing as tech support agents for companies like AOL, Microsoft, Yahoo, and Google, were discovered after individuals reported receiving suspicious WhatsApp messages. Meta's investigation traced the activity to the same network responsible for a previous hacking incident linked to former President Donald Trump’s campaign.
Meta, the parent company of Facebook and Instagram, said that the hackers attempted to target the WhatsApp accounts of individuals in the Middle East, the United States, and the United Kingdom, including political and diplomatic officials tied to both the Biden and Trump administrations.
The company said it has blocked a small number of accounts; however, it found no evidence that the targeted WhatsApp accounts were compromised.
The report comes after the US ODNI, FBI, and CISA confirmed last week that Iran was responsible for a series of cyberattacks targeting the presidential campaigns of former President Donald Trump and Vice President Kamala Harris.