Meta Uncovers Iranian Hacker Group Targeting Global Political Figures via WhatsApp
On Friday, Meta Platforms joined Microsoft, Google, and OpenAI in exposing the activities of an Iranian state-sponsored threat actor. Meta revealed that the group used a series of WhatsApp accounts to target individuals in Israel, Palestine, Iran, the U.K., and the U.S.
This activity, traced back to Iran, appeared to focus on political and diplomatic figures, including individuals associated with the administrations of President Biden and former President Trump, according to Meta. The company attributed the activity to APT42, also known as Charming Kitten, Damselfly, Mint Sandstorm (formerly Phosphorus), TA453, and Yellow Garuda, which is believed to be linked to Iran’s Islamic Revolutionary Guard Corps (IRGC).
APT42 is known for sophisticated social engineering, using spear-phishing and malware to steal credentials. Earlier in the week, Proofpoint disclosed that the group targeted a prominent Jewish figure with malware called AnvilEcho.
Meta noted that the small cluster of WhatsApp accounts posed as technical support for companies like AOL, Google, Yahoo, and Microsoft. These attempts were reportedly unsuccessful, and the accounts have since been blocked.
Meta emphasized that there was no evidence of account compromise and advised those who reported the incidents to take steps to secure their online accounts.
This disclosure follows the U.S. government’s formal accusation against Iran for attempting to disrupt U.S. elections, sow discord among the American public, and undermine confidence in the electoral process through propaganda and political intelligence gathering.