Iranian hacking group APT42 was behind a possible hacking attempt on senior US officials from the Joe Biden and Donald Trump administrations

Security teams at Meta Platforms have blocked a small cluster of WhatsApp accounts posing as support agents for tech companies.

Meta in a blog post said its “investigation linked this activity to APT42, an Iranian threat actor known for its persistent phishing campaigns across the internet targeting political and diplomatic officials, and other public figures (including some associated with the administrations of President Biden and former President Trump).”

It comes after Google’s Threat Analysis Group had earlier this month warned that Iranian hackers had tried to infiltrate the personal email accounts of roughly a dozen people linked to President Joe Biden and former President Donald Trump.

Just prior to that, Microsoft Threat Intelligence had warned of numerous Iranian cyber intrusions targeting this year’s US presidential election, including a hack of Republican presidential nominee Donald Trump.

Both Google and Microsoft had identified the same Iranian government-backed threat actor – APT42. Redmond, however, refers to the group as Mint Sandstorm.

Now Meta has said it identified possible hacking attempts on the WhatsApp accounts of US officials from the administrations of both President Joe Biden and former President Donald Trump.

Meta said it had “not seen evidence of the targeted WhatsApp accounts being compromised, but out of an abundance of caution, we’re sharing our findings publicly, in addition to sharing information with law enforcement and our industry peers.”

“As part of our regular updates on notable threat disruption efforts, we’re sharing our most recent insights into a small cluster of likely social engineering activity on WhatsApp that our security teams blocked after investigating user reports,” said Meta.

“This malicious activity originated in Iran and attempted to target individuals in Israel, Palestine, Iran, the United States and the UK,” it said. “This effort appeared to have focused on political and diplomatic officials, and other public figures, including some associated with administrations of President Biden and former President Trump.”

Meta said its investigation linked it to APT42 (also known as UNC788 and Mint Sandstorm).

Fake tech support

Meta said the APT42 accounts posed as technical support for AOL, Google, Yahoo and Microsoft.

Given the heightened threat environment ahead of the US election, Meta said it has “shared information about this malicious activity with law enforcement and with the presidential campaigns to encourage them to stay cautious against potential adversarial targeting.”

“We continue to monitor information coming from our industry peers, our own investigations and user reports and will take action if we detect further attempts by malicious actors to target people on our apps,” it stated.

“We strongly encourage public figures, journalists, political candidates and campaigns to remain vigilant, take advantage of privacy and security settings, avoid engaging with messages from people they don’t know and report suspicious activity to us.”