Meta blocks WhatsApp accounts: Iranian hacker group attempts to steal US election data

Social media platform Meta revealed in its latest blog post that it has blocked a group of WhatsApp accounts associated with the Iranian hacker group APT42. They attempted to impersonate technical personnel and conduct phishing attacks on political figures related to former US President Trump and current President Biden.

Meta Blocks Some WhatsApp Accounts

The article points out that Meta has taken action against some accounts on its messaging platform WhatsApp after receiving user reports and conducting thorough investigations:

These accounts are associated with APT42, an Iranian criminal organization known for phishing attacks, targeting diplomats, politicians, and other public figures, including President Biden and former President Trump.

Earlier this month, the Trump campaign team did confirm a hack on their network by foreign hackers, and Microsoft has confirmed these attacks are linked to the aforementioned organization.

APT42's Attack Behavior

Meta cited a previous report indicating that APT42, also known as UNC788 or Mint Sandstorm, frequently targets political figures, military personnel, and media in the United States and the Middle East with phishing attacks in an attempt to steal their internal data:

APT42 poses as technicians from Microsoft or Google and sends phishing links to targeted individuals, attempting to infiltrate their devices to gather information and manipulate internal data related to political or defense issues.

Meta: Reported to Law Enforcement

The company stated that, with the U.S. election less than three months away, it has reported this security concern to the relevant authorities:

While no WhatsApp users have been compromised so far, out of caution, we have not only disclosed the investigation results but also shared the information with law enforcement agencies and peers.

Google: APT42 Targets Israel and the United States

Two weeks ago, tech giant Google emphasized in a threat analysis report that this "Iranian government-supported cyber espionage group" poses a threat to social security.

The company stated that APT42's criminal activities this year span the globe, including the United States, Israel, Palestine, and the United Kingdom.

Furthermore, since the escalation of the Israel-Palestine conflict in the past two years, the organization has shifted its focus to Israel, intensifying phishing attacks on the Israeli military, defense department, and media, even collecting large amounts of personal data through the distribution of forged petitions:

APT42 uses various tools as part of its phishing attacks, including malware, phishing URLs, and malicious redirects, attempting to exploit services like Google Sites, Drive, Gmail, Dropbox, and OneDrive.

Google also warned that, as the U.S. election approaches, APT42 was found attempting to hack the email accounts of dozens of individuals, including U.S. campaign teams, in May and June this year, and that these attempts were blocked:

We urge government officials to strengthen the importance of personal email and account security.
