Meta has revealed that it recently blocked a “small cluster” of WhatsApp accounts connected to an Iranian hacking group, which had been targeting officials linked to President Joe Biden and former President Donald Trump. In a blog post released on Friday, Meta disclosed that these fraudulent accounts were associated with APT42, an Iranian state-sponsored cyber espionage group previously identified by tech companies such as Google.
APT42, also known for targeting activists, non-governmental organizations, and media outlets, had used these accounts to target political and diplomatic officials, as well as public figures from various countries including Israel, Palestine, Iran, and the United Kingdom. With the U.S. presidential election less than 75 days away, this revelation highlights ongoing concerns about the security of digital communications and potential foreign interference in the electoral process.
Meta’s security team detected APT42’s involvement through an analysis of suspicious messages reported by users who received communications from these fraudulent WhatsApp accounts. The accounts were designed to impersonate technical support for major companies like AOL, Google, Yahoo, and Microsoft. Although Meta has not found evidence suggesting that any WhatsApp accounts were compromised, the company is collaborating with law enforcement and other industry peers to address the issue.
Earlier this month, the Trump campaign disclosed that its network had been compromised by a foreign actor, resulting in the illegal acquisition of internal communications. Microsoft also reported identifying several Iranian hacking groups attempting to influence the U.S. presidential election. This included a group affiliated with APT42, which sent a spear-phishing email in June to a high-ranking official on a presidential campaign from the compromised email account of a former senior advisor.
Microsoft had previously identified Iranian hackers targeting a U.S. presidential campaign and other government officials and media in 2019. These developments underscore the ongoing challenge of securing digital platforms against sophisticated foreign cyber operations aimed at influencing political processes and compromising sensitive information.
