Iranian Campaign Targets WhatsApp Users

Meta, the parent company of Facebook, Instagram and WhatsApp, has said that its security teams blocked a small cluster of accounts on the WhatsApp messaging platform that were posing as support agents.

Meta’s security teams identified and blocked a cluster of WhatsApp accounts impersonating technical support staff for major tech companies including AOL, Google, Yahoo, and Microsoft.

This sophisticated social engineering attack, attributed to the Iranian hacker group APT42 (also known as UNC788 and Mint Sandstorm), was aimed at political and diplomatic officials, as well as other prominent figures connected to both the Biden and Trump administrations.

The attack’s scope spanned individuals in Israel, the Palestinian Authority, Iran, the US, and Britain.

APT42 is notorious for its persistent phishing campaigns that exploit basic tactics to steal credentials for online accounts. Previously, this group has been linked to similar activities targeting Saudi military personnel, dissidents, human rights activists from Israel and Iran, and journalists worldwide. In this latest campaign, APT42’s phishing attempts involved creating fake technical support accounts, which were promptly reported by users.

APT42 is assessed by Mandiant to operate on behalf of the Islamic Revolutionary Guard Corps Intelligence Organisation (IRGC-IO), and according to Cybernews, this group is known for deploying surveillance software that can record phone calls, steal text messages, and activate cameras and microphones without the user’s knowledge.

Researchers following the group have linked APT42’s activities to broader efforts to infiltrate US presidential campaigns. This connection was highlighted by recent reports from Microsoft and Google, which also detailed Iranian attempts to interfere in the upcoming US presidential election. However, considering the high-profile nature of the targets, Meta has chosen to disclose these findings publicly. The company has also informed law enforcement and presidential campaigns to enhance vigilance against potential adversarial activities.

The ability of Meta’s users to recognise and report these suspicious accounts played a crucial role in preventing further damage. The reported accounts were blocked before they could cause significant harm. With the next US elections and heightened security concerns, Meta is urging public figures, journalists, and political candidates to stay alert.

Meta recommends using available privacy and security settings, avoiding interactions with unknown contacts, and reporting any suspicious activity immediately. These events highlight the importance of cyber security vigilance in an increasingly interconnected world, particularly for high-profile individuals and organisations.

I-HIS     |     The Print     |     X.com     |     Trend Micro   |    Mandiant 
