Iranian Campaign Targets WhatsApp Users

Meta, the parent company of Facebook, Instagram and WhatsApp, has said that its security teams blocked a small cluster of accounts on the WhatsApp messaging platform that were posing as support agents.

Meta’s security teams identified and blocked a cluster of WhatsApp accounts impersonating technical support staff for major tech companies including AOL, Google, Yahoo, and Microsoft.

This sophisticated social engineering attack, attributed to the Iranian hacker group APT42 (also known as UNC788 and Mint Sandstorm), was aimed at political and diplomatic officials, as well as other prominent figures connected to both the Biden and Trump administrations.

The attack’s scope spanned individuals in Israel, the Palestinian Authority, Iran, the US, and Britain.

APT42 is notorious for its persistent phishing campaigns that exploit basic tactics to steal credentials for online accounts. Previously, this group has been linked to similar activities targeting Saudi military personnel, dissidents, human rights activists from Israel and Iran, and journalists worldwide. In this latest campaign, APT42’s phishing attempts involved creating fake technical support accounts, which were promptly reported by users.

APT42 is assessed by Mandiant to operate on behalf of the Islamic Revolutionary Guard Corps Intelligence Organisation (IRGC-IO), and according to Cybernews, this group is known for deploying surveillance software that can record phone calls, steal text messages, and activate cameras and microphones without the user’s knowledge.

Researchers following the group have linked APT42’s activities to broader efforts to infiltrate US presidential campaigns. This connection was highlighted by recent reports from Microsoft and Google, which also detailed Iranian attempts to interfere in the upcoming US presidential election. However, considering the high-profile nature of the targets, Meta has chosen to disclose these findings publicly. The company has also informed law enforcement and presidential campaigns to enhance vigilance against potential adversarial activities.

The ability of Meta’s users to recognise and report these suspicious accounts played a crucial role in preventing further damage. The reported accounts were blocked before they could cause significant harm. With the next US elections and heightened security concerns, Meta is urging public figures, journalists, and political candidates to stay alert.

Meta recommends using available privacy and security settings, avoiding interactions with unknown contacts, and reporting any suspicious activity immediately. These events highlight the importance of cyber security vigilance in an increasingly interconnected world, particularly for high-profile individuals and organisations.

I-HIS     |     The Print     |     X.com     |     Trend Micro   |    Mandiant 

Image: arivera
