Malicious cybercriminals that were based in and supported by Iran have reportedly been detected in Meta"s WhatsApp service and have since been blocked. Meta announced this latest attempt by Iran-based state actors to cause trouble in a blog post late on Friday.
The blog post stated:
This malicious activity originated in Iran and attempted to target individuals in Israel, Palestine, Iran, the United States and the UK. This effort appeared to have focused on political and diplomatic officials, and other public figures, including some associated with administrations of President Biden and former President Trump.
The post said the Iran-based group, known by a number of names including APT42, UNC788 and Mint Sandstorm, used WhatsApp accounts to tell users they were customer service representatives working for several different companies, including AOL, Google, Yahoo, and Microsoft. Some of the WhatsApp users didn"t buy these claims (AOL and Yahoo have customer service representatives?) and reported them to Meta.
The blog post says that Meta does not believe the attempts to cause trouble by these groups were successful and there"s no word of any WhatsApp account being compromised. It added that it shared this information with law enforcement authorities, as well as the US presidential campaigns "out of an abundance of caution ."
Microsoft made headlines earlier this month when it announced that Iran-based state actors had been using a number of methods to influence the 2024 US presidential election. Soon afterward, the campaign to elect Donald Trump as president announced that it had been hacked and that some of its documents had been taken.
Google also announced earlier this month that APT42 had been using email phishing campaigns. In addition, OpenAI revealed that some of its accounts had been used by an Iran-based state actor group called Storm-2035 to create AI-based long-form articles and short posts to influence the election.