Meta Blocks Iranian Hackers Posing as Tech Support on WhatsApp

Meta, the parent company of Facebook, Instagram, and WhatsApp, announced that it blocked a small cluster of accounts on WhatsApp. These accounts were masquerading as tech support agents and were linked to Iranian hackers. The group had also launched email phishing attacks aimed at individuals associated with US political figures, including President Joe Biden, Vice President Kamala Harris, and former President Donald Trump.

Although there is no evidence that these WhatsApp accounts were successfully compromised, Meta stated that it shared the information with law enforcement and other tech companies. Earlier, Iran was formally accused by the US of attempting to subvert the presidential elections.

In a joint statement issued on August 19 by the Office of the Director of National Intelligence, the FBI, and the federal cybersecurity agency CISA, it was noted that Iran sees the US elections as highly significant for its national security interests, leading to increased efforts to influence the outcome. The statement highlighted aggressive Iranian activities, including influence operations targeting the American public and cyber operations aimed at presidential campaigns.

The upcoming US presidential election in November pits Democratic candidate Vice President Kamala Harris against Republican candidate and former President Donald Trump. Meta disclosed on August 23 that the recent malicious activities originated in Iran and aimed at individuals in Israel, Palestine, Iran, the United States, and the UK. The hackers impersonated technical support for AOL, Google, Yahoo, and Microsoft.

Meta's security teams blocked a small cluster of likely social engineering activities on WhatsApp after investigating user reports. These hackers attempted to deceive targets into revealing sensitive information such as account passwords. The campaign was identified after some targets reported suspicious messages to WhatsApp.

Meta's investigation linked the hacking attempts to APT42, an Iranian threat actor known for persistent adversarial campaigns using basic phishing tactics to steal credentials. Meta had previously reported on the group's activities targeting individuals in West Asia, including Saudi military personnel, dissidents, and human rights activists, as well as US politicians and Iran-focused researchers.

(With inputs from agencies.)