Meta blocks Iran-linked hackers on WhatsApp who targeted US official

Meta, the parent company of Facebook, Instagram and WhatsApp, has said that its security teams have blocked some accounts on the WhatsApp messaging platform that were acting as support agents for the tech companies.

Meta said in a statement on August 23 that the WhatsApp accounts were linked to a group of hackers linked to Iran and that the same group had also attempted email phishing attacks targeting people associated with US President Joe Biden, Vice President Kamala Harris, and former US President Donald Trump, as well as political and diplomatic officials.

Meta said it had found no evidence that the targeted WhatsApp accounts had been successfully compromised, but said it had shared the information with law enforcement and other tech companies.

Earlier, the US formally accused Iran of trying to undermine the US presidential elections.

In a joint statement on August 19, the Office of the Director of National Intelligence, the FBI and federal cybersecurity agency CISA said, “Iran views this year’s elections as particularly important in terms of the impact they may have on its national security interests, increasing Tehran’s tendency to try to influence the outcome.”

“We have witnessed increased offensive activity by Iran during this election cycle, including influence operations specifically targeting the American public and cyber operations targeting presidential campaigns,” the statement said.

The US presidential election is scheduled to be held this November, in which there will be a contest between Democratic candidate US Vice President Kamala Harris and former US President and Republican candidate Donald Trump.

Meta said in its statement on August 23 that the recent “malicious activity” originated in Iran and was aimed at people in Israel, Palestine, Iran, the United States and Britain.

It said that hackers on WhatsApp pretended to be technical support from AOL, Google, Yahoo and Microsoft.

The tech company said a small group of “potential social engineering activity” on WhatsApp was blocked by its security teams after investigating user reports.

They attempted to trick targets into revealing sensitive information, such as account passwords, the company said. The campaign was identified when some targets reported suspicious messages to WhatsApp, the company said.

Meta said its investigation linked the hacking attempts to APT42 (also known as UNC788 and Mint Sandstorm), an Iranian threat actor known for its frequent adversarial campaigns using basic phishing tactics on the Internet to steal credentials of people’s online accounts.

The US company said it had previously shared threat research related to the group targeting individuals in the Middle East, including the Saudi military, dissidents and human rights activists in Israel and Iran, US politicians, and Iran-focused academics, activists and journalists around the world.