Iranian Campaign Targets WhatsApp Users

Meta, the parent company of Facebook, Instagram and WhatsApp, has said that its security teams blocked a small cluster of accounts on the WhatsApp messaging platform that were posing as support agents.

Meta’s security teams identified and blocked a cluster of WhatsApp accounts impersonating technical support staff for major tech companies including AOL, Google, Yahoo, and Microsoft.

This sophisticated social engineering attack, attributed to the Iranian hacker group APT42 (also known as UNC788 and Mint Sandstorm), was aimed at political and diplomatic officials, as well as other prominent figures connected to both the Biden and Trump administrations.

The attack’s scope spanned individuals in Israel, the Palestinian Authority, Iran, the US, and Britain.

APT42 is notorious for its persistent phishing campaigns that exploit basic tactics to steal credentials for online accounts. Previously, this group has been linked to similar activities targeting Saudi military personnel, dissidents, human rights activists from Israel and Iran, and journalists worldwide. In this latest campaign, APT42’s phishing attempts involved creating fake technical support accounts, which were promptly reported by users.

APT42 is assessed by Mandiant to operate on behalf of the Islamic Revolutionary Guard Corps Intelligence Organisation (IRGC-IO), and according to Cybernews, this group is known for deploying surveillance software that can record phone calls, steal text messages, and activate cameras and microphones without the user’s knowledge.

Researchers following the group have linked APT42’s activities to broader efforts to infiltrate US presidential campaigns. This connection was highlighted by recent reports from Microsoft and Google, which also detailed Iranian attempts to interfere in the upcoming US presidential election. However, considering the high-profile nature of the targets, Meta has chosen to disclose these findings publicly. The company has also informed law enforcement and presidential campaigns to enhance vigilance against potential adversarial activities.

The ability of Meta’s users to recognise and report these suspicious accounts played a crucial role in preventing further damage. The reported accounts were blocked before they could cause significant harm. With the next US elections and heightened security concerns, Meta is urging public figures, journalists, and political candidates to stay alert.

Meta recommends using available privacy and security settings, avoiding interactions with unknown contacts, and reporting any suspicious activity immediately. These events highlight the importance of cyber security vigilance in an increasingly interconnected world, particularly for high-profile individuals and organisations.

I-HIS     |     The Print     |     X.com     |     Trend Micro   |    Mandiant 
