The hackers belong to the same Iranian group identified by the U.S. intelligence community for targeting the Trump and Biden–Harris campaigns.
Meta stated on Aug. 23 that it has blocked a group of fake WhatsApp accounts connected to an Iranian hacker group that was identified as being behind the targeting of staffers working on U.S. presidential election campaigns.
The hackers were pretending to be tech support agents from well-known companies such as Google, Yahoo, and Microsoft and attempting to target high-profile individuals, including political figures in the United States, the UK, Israel, and Iran.
The scheme was uncovered after WhatsApp users reported suspicious messages, according to Meta. The attempts were part of a broader effort by APT42, a group known for phishing campaigns aimed at stealing online credentials.
Meta didn’t find any evidence that these targeted accounts were actually hacked. As a precaution, the company decided to share its findings with law enforcement and other tech companies.
The hacker group, also known as UNC788 and Mint Sandstorm, was previously linked to the targeting of people in the Middle East, including the Saudi military, dissidents, human rights activists from Israel and Iran, politicians in the United States, and Iran-focused academics, activists, and journalists around the world, according to Meta.
“We have not seen evidence of the targeted WhatsApp accounts being compromised, but out of an abundance of caution, we’re sharing our findings publicly, in addition to sharing information with law enforcement and our industry peers,” Meta said in a statement.
This week, the U.S. intelligence community stated that it was confident that Iranian actors were behind a hack of the presidential campaigns of both political parties as part of a broader effort “to interfere with the U.S. presidential election.”
Google has linked the same hacking group to Iran’s Revolutionary Guard. Earlier this month, the tech giant’s threat intelligence arm stated that the same Iranian group had attempted to infiltrate the personal email accounts of about a dozen people associated with President Joe Biden and former President Donald Trump since May.
Microsoft had also reported a suspected Iranian cyber intrusion in this year’s presidential election just days earlier.
The FBI has stated that the attempted hacking of U.S. presidential campaigns is not new and is part of “increasingly aggressive Iranian activity” during the current election cycle.
The Office of the Director of National Intelligence said in an IC assessment last month that Iranian groups are working to fuel distrust toward U.S. institutions and increase social discord. The assessment states that the groups have notably been stoking tensions over the Israel–Gaza conflict using “vast webs of online personas and propaganda mills to spread disinformation.”
Joseph Lord and The Associated Press contributed to this report.