Meta Uncovers Iranian Hacker Group Targeting Global Political Leaders on WhatsApp
Amidst revelations from companies like Microsoft, Google, and OpenAI, Meta Platforms disclosed the actions of an Iranian government-backed threat actor that utilized a series of WhatsApp accounts to target individuals in Israel, Palestine, Iran, the U.K., and the U.S.
The activity cluster, originating from Iran, focused primarily on political and diplomatic officials, as well as other prominent figures associated with the administrations of President Biden and former President Trump, according to Meta’s report.
Identified as APT42, the threat group is also known by aliases such as Charming Kitten, Damselfly, Mint Sandstorm (formerly Phosphorus), TA453, and Yellow Garuda, and is linked to Iran’s Islamic Revolutionary Guard Corps (IRGC).
The group specializes in advanced social engineering, using spear-phishing to deliver malware to targets and steal their login credentials. Recently, Proofpoint disclosed that a notable figure was targeted with malware called AnvilEcho.
Meta confirmed that the limited set of WhatsApp accounts posed as tech support for AOL, Google, Yahoo, and Microsoft, though these attempts were reportedly unsuccessful as the accounts were shut down.
“There is no indication that their accounts were compromised,” stated the parent organization of Facebook, Instagram, and WhatsApp. “Needful actions have been recommended to ensure the safety of their online accounts on the web.”
These developments coincide with the formal accusation by the U.S. government against Iran for efforts to undermine U.S. elections, manipulate public opinion, and diminish trust in the electoral process by spreading propaganda and collecting political intelligence.

