Meta takes down WhatsApp accounts linked to Iranian hackers targeting US elections

Meta blocked WhatsApp accounts involved in “a small group of social engineering activities” on the service. In its report, it revealed that it had traced activity to APT42 (also known as UNC788 and Mint Sandstorm), which the FBI had previously linked to a hacking campaign targeting members of the Trump and Harris camps. The company said that suspicious activity on WhatsApp “tried to target people in Israel, Palestine, Iran, the United States and the UK.” It also appeared to focus on political and diplomatic officials, including people associated with both presidential candidates.

Bad actors on WhatsApp posed as tech support representatives from AOL, Google, Yahoo and Microsoft, although Meta did not say how they tried to compromise their target accounts. Some of those targets reported the employee to the company, which forced it to start an investigation. Meta said it believes the perpetrators’ efforts were unsuccessful and has seen no evidence that the accounts of those targeted have been compromised. It still reports bad work to law enforcement, however, and shares information about both presidential campaigns.

Earlier this month, Google also published a report detailing how APT42 had been targeting high-profile users in Israel and the US for years. The company said it had seen “unsuccessful attempts” to compromise “the accounts of individuals associated with President Biden, Vice President Harris and former President Trump.” While Google described the APT42 attack as “unsuccessful,” the group successfully hacked into the account of one prominent victim: Roger Stone, a close political confidant of Trump. The FBI previously reported that he was the victim of phishing emails sent by Iranian hackers, who then used his account to send more phishing emails to his contacts.