Invezz

Meta identifies Iranian hacking group APT42 using WhatsApp to target Biden, Trump officials

Srinibas Rout
Aug 24, 2024, 00:25 AM
  • The group has a history of targeting a wide range of individuals and organizations.
  • APT42’s tactics included posing as technical support staff from companies like AOL, Google, Yahoo, etc.
  • Meta is sharing data with law enforcement and industry peers to bolster defenses against such threats.

Meta has taken action against a small cluster of WhatsApp accounts linked to an Iranian hacking group, APT42, which was allegedly targeting officials associated with both President Joe Biden and former President Donald Trump. 

The company revealed the move in a blog post, underscoring the ongoing threat posed by state-sponsored cyber espionage, particularly from actors tied to Iran.

What is APT42, and what steps did Meta take?

Meta’s security team identified the malicious activity after analyzing suspicious messages reported by users. 

The messages were traced back to APT42, an Iranian state-sponsored cyber espionage actor previously flagged by other tech giants like Google. 

The group has a history of targeting a wide range of individuals and organizations, including activists, non-governmental organizations, media outlets, and public figures.

The recent scheme targeted political and diplomatic officials and other public figures, including those associated with the administrations of both President Biden and former President Trump.

The campaign also extended its reach to individuals in Israel, Palestine, Iran, and the UK.

With the November election approaching, Meta has come under increased scrutiny due to the ways its platforms have been manipulated in past presidential campaigns. 

Although Meta has not found evidence that any WhatsApp users’ accounts were compromised, the company is taking proactive measures. 

It is sharing detailed information with law enforcement and industry peers to bolster defenses against such threats.

Meta’s prompt response to the suspicious activity underscores the heightened vigilance required as cyber threats evolve. 

APT42’s tactics in this instance included posing as technical support representatives from companies like AOL, Google, Yahoo, and Microsoft. 

Meta noted that some of the targeted individuals reported these suspicious messages through WhatsApp’s in-app reporting tools, which helped the company identify and block the fraudulent accounts.

APT42’s history of cyber espionage

The Trump campaign revealed earlier this month that a foreign actor had compromised its network, illegally obtaining internal communications. 

This incident aligns with Microsoft’s previous findings, which identified several Iranian hacking groups attempting to influence the US presidential election. 

APT42 was linked to a spear-phishing email sent in June to a high-ranking official on a presidential campaign, using the compromised email account of a former senior advisor.

This is not the first time APT42 has been implicated in cyber-attacks targeting US political figures. 

In 2019, Microsoft identified hackers connected to the Iranian government who were believed to have targeted a US presidential campaign and other government officials and media outlets.

Meta’s swift action against APT42 highlights the ongoing battle against state-sponsored cyber threats, particularly those aimed at influencing political processes in the United States. 

As election-related cyber activity intensifies, companies like Meta are under pressure to protect their platforms from exploitation. The company’s collaboration with law enforcement and other industry players is crucial in this effort to safeguard digital communications and ensure the integrity of the upcoming election.