Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp

Avatar
Meta Platforms on Friday became the latest company after Microsoft, Google, and OpenAI to expose the activities of an Iranian state-sponsored threat actor, who it said used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. The activity cluster, which originated from Iran, “appeared to have focused on political and diplomatic

Meta Platforms on Friday became the latest company after Microsoft, Google, and OpenAI to expose the activities of an Iranian state-sponsored threat actor, who it said used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and the U.S.

The activity cluster, which originated from Iran, “appeared to have focused on political and diplomatic officials, and other public figures, including some associated with administrations of President Biden and former President Trump,” Meta said.

The social media giant attributed it to a nation-state actor tracked as APT42, which is also known as Charming Kitten, Damselfly, Mint Sandstorm (formerly Phosphorus), TA453, and Yellow Garuda. It’s assessed to be linked to Iran’s Islamic Revolutionary Guard Corps (IRGC).

The adversarial collective is well-known for its use of sophisticated social engineering lures to spear-phish targets of interest with malware and steal their credentials. Earlier this week, Proofpoint revealed that the threat actor targeted a prominent Jewish figure to infect their machine with malware called AnvilEcho.

Meta said the “small cluster” of WhatsApp accounts masqueraded as technical support for AOL, Google, Yahoo, and Microsoft, although the efforts are believed to be unsuccessful. The accounts have since been blocked.

“We have not seen evidence that their accounts were compromised,” the parent company of Facebook, Instagram, and WhatsApp said. “We have encouraged those who reported to us to take steps to ensure their online accounts are safe across the internet.”

The development comes as the U.S. government formally accused Iran of attempting to undermine U.S. elections, stoke divisive opinion among the American public, and erode confidence in the electoral process by amplifying propaganda and gathering political intelligence.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

 The Hacker News 

Total
0
Shares
Previous Post

Russian arrested in Argentina for laundering money for hackers

Next Post

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

Related Posts

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials

Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones. The phishing-as-a-service (PhaaS) platform, called iServer, is estimated to have claimed more than 483,000 victims globally, led by Chile (77,000), Colombia (70,000), Ecuador (42,000), Peru (41,500), Spain (30,000), and Argentina
Omega Balla
Read More

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. "The campaign likely targeted diplomats and began as early as March 2024," Palo Alto Networks Unit 42 said in a report published today, attributing it with medium to high level of confidence to APT28, which is also referred to as
Avatar
Read More