Earlier this month, Meta Platforms announced that it had disrupted a new campaign with ties to an Iranian state-sponsored group, following similar actions by Microsoft, Google and, more recently, OpenAI. Meta disclosed that the attackers exploited WhatsApp accounts to hack into the phones of several individuals located in Israel, Palestine, Iran, the UK and the USA.
The operation, which originated in Iran, targeted political and diplomatic officials along with various public figures. The company said some of the targets had links to the administrations of President Biden and former President Trump.
Meta attributed the activity to a nation-state actor called APT42. Other names for the group include Charming Kitten, Damselfly, Mint Sandstorm (formerly Phosphorus), TA453 and Yellow Garuda. The group is widely believed to be backed by Iran’s Islamic Revolutionary Guard Corps (IRGC).
APT42 is particularly skilled at social engineering. Its tactics include spear-phishing campaigns in which it sends carefully crafted messages to trick the recipient into downloading malware or revealing login information. Late this week, another company, Proofpoint, published a report on APT42 targeting agent systems in the United States to install its AnvilEcho malware against protected persons and their family members.
In the case Meta disclosed, a limited number of WhatsApp accounts were created that masqueraded as corporate technical support for AOL, Google, Yahoo and Microsoft. These fake accounts were intended to dupe people into believing the offer of assistance was genuine. Meta reportedly shut down these messages before they could spread or, where it was too late to stop their further use, is now blocking the accounts responsible.
There is no evidence at this time that users’ accounts were impacted by the event, the company said. Meta also advised people who reported these “suspicious” messages to secure their online accounts on multiple platforms.
The disclosure from Meta comes as the U.S. government has made allegations against Iran over its campaign to interfere in U.S. elections, amplify divisive views among American citizens and sow distrust about the integrity of America’s voting system. The allegations include charges that Iran is carrying out disinformation and political espionage to achieve that destabilization.
Originally found several weeks ago, Iran’s state-sponsored use of WhatsApp accounts, as identified by Meta, illustrates the persistence of nation-state cyber activity. Tracing these accounts helps Meta protect its users and supports the wider cybersecurity community. It is a useful reminder of how vigilant and proactive we need to be about security, both personally and in business. Tech companies need to work closely with government agencies as cyber threats evolve into espionage and influence operations that threaten democratic processes and public trust.
APT42 (also known as Charming Kitten and various other aliases) is linked to Iran’s Islamic Revolutionary Guard Corps. The group runs sophisticated cyber-espionage and phishing attacks.
Meta found that APT42 had employed Iranian WhatsApp accounts to hook individuals in different parts of the world. The majority of these accounts claimed to be technical support for companies such as AOL, Google, Yahoo and Microsoft.
That said, Meta has not found any evidence that user accounts were targeted or impacted in this incident. The company said it is advising the limited number of affected users to protect their online accounts.
If you receive a suspicious message offering help, exercise caution: before clicking any links, verify the sender through an additional contact method such as a phone call or SMS message, and always keep your passwords strong and unique, backed by 2FA.
These digitally targeted actions mirror U.S. allegations that Iran is attempting to interfere in the U.S. election, stoke discord and spread disinformation. These fears are backed by Meta, which highlighted the hostile activity on its platform.