Researchers at Meta have published details on Iranian spear-phishing attacks targeting WhatsApp accounts. The activity is attributed to APT42, a threat actor tied to Iran’s Islamic Revolutionary Guard Corps (IRGC).
The threat actor is targeting WhatsApp accounts belonging to individuals in Israel, Palestine, Iran, the United States, and the UK, focusing on “political and diplomatic officials, and other public figures, including some associated with administrations of President Biden and former President Trump.”
APT42 uses well-known social engineering techniques to compromise its victims. In this case, the threat actor impersonated tech support employees at major companies.
“These accounts posed as technical support for AOL, Google, Yahoo, and Microsoft,” Meta says. “Some of the people targeted by APT42 reported these suspicious messages to WhatsApp using our in-app reporting tools. Those reported messages enabled us to investigate this latest campaign and link it to the same hacking group responsible for similar attempts aimed at political, military, diplomatic and other officials, as reported by our industry peers at Microsoft and Google.”
The researchers add that there’s no evidence that the threat actor succeeded in compromising any accounts, but WhatsApp users should remain on the lookout.
“The vigilance of these users to report the messages to us suggests that these efforts were unsuccessful,” Meta says. “We have not seen evidence that their accounts were compromised. We have encouraged those who reported to us to take steps to ensure their online accounts are safe across the internet.
“Out of an abundance of caution and given the heightened threat environment ahead of the US election, we also shared information about this malicious activity with law enforcement and with the presidential campaigns to encourage them to stay cautious against potential adversarial targeting.”
Meta has the story.