Meta reveals that Iranian government-backed hacking group APT42 targeted Biden administration and Trump associates



Meta reported that the Iranian government-backed hacker group APT42 (also known as UNC788 or Mint Sandstorm) was posing as support staff for companies such as Google, Microsoft, Yahoo, and AOL to carry out account takeover attacks. The targets of the hacking were politicians, diplomats, and other prominent figures from Israel, Palestine, Iran, the United States, and the United Kingdom, particularly those affiliated with the administrations of President Biden and former President Trump.

Taking Action Against Malicious Accounts in Iran | Meta

https://about.fb.com/news/2024/08/taking-action-against-malicious-accounts-in-iran/



Meta disrupts Iranian hacking group targeting the 2024 election : NPR
https://www.npr.org/2024/08/23/g-s1-19350/meta-iran-hacking-election-trump-harris-biden

APT42 is an Advanced Persistent Threat (APT) group believed to be sponsored by the Iranian government and associated with Iran's Islamic Revolutionary Guard Corps.

APT42 is known for its activities aimed at collecting information on Iran's national security interests and influencing important events such as elections. Specifically, it is known for its persistent phishing attacks against public figures such as politicians and diplomats, attempting to steal the credentials of their online accounts.

Meta's latest report concerns an attack carried out over the messaging app WhatsApp. APT42 created fake accounts posing as technical support staff from major technology companies such as Google, Microsoft, Yahoo, and AOL, and sent messages directly to targeted individuals claiming that their account was at risk or that an important update was required. The attackers then directed victims to fake sites and prompted them to log in to various accounts in an attempt to obtain login credentials.



According to Meta, the targets were individuals in Israel, Palestine, Iran, the United States and the United Kingdom, including public figures such as members of the administrations of President Biden and former President Trump, as well as diplomatic officials.

Similar tactics have also been reported by Google and Microsoft, with the Israeli military, diplomatic agencies, and US presidential election officials also being targeted.

Google announces that Iran-backed hacker group APT42 is targeting US presidential election officials and Israeli military, government and diplomatic agencies - GIGAZINE



However, Meta said that it found no evidence of compromised accounts in the WhatsApp attack, and that APT42's campaign on WhatsApp appears to have been completely unsuccessful. In addition, some of the targets reported receiving suspicious messages on WhatsApp, which allowed Meta to identify malicious activity and quickly block related accounts.

Meta commented, 'We are continuously monitoring information from industry peers, our own research, and user reports, and will take action if we detect additional attempts by bad actors to target users on our apps. We urge public figures, journalists, politicians and candidates, and election officials to remain vigilant, utilize their privacy and security settings, avoid engaging with messages from people they don't know, and report any suspicious activity to us.'

in Security, Posted by log1i_yk