Meta Platforms on Friday became the latest company, after Microsoft, Google and OpenAI, to expose the activities of an Iranian state threat actor, which it said used a set of WhatsApp accounts in attempts to attack individuals in Israel, Palestine, Iran, the UK and the US.
The cluster of activity that originated in Iran “appears to have focused on political and diplomatic officials and other public figures, including some associated with the administrations of President Biden and former President Trump,” Meta said.
The social media giant attributed it to a nation-state actor with the alias APT42, which is also known as Charming Kitten, Damselfly, Mint Sandstorm (formerly Phosphorus), TA453 and Yellow Garuda. It is believed to be affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC).
The adversarial collective is well known for using sophisticated social engineering lures to deliver malware to targets and steal their credentials. Earlier this week Proofpoint revealed that the threat actor targeted a prominent Jewish figure to infect their machine with malware called AnvilEcho.
Meta said a “small cluster” of WhatsApp accounts masqueraded as technical support from AOL, Google, Yahoo and Microsoft, although the effort is believed to have been unsuccessful. The accounts have since been suspended.
“We have seen no evidence that their accounts have been hacked,” the parent company of Facebook, Instagram and WhatsApp said in a statement. “We advised those who notified us to take steps to ensure the security of their online accounts.”
The development comes as the US government formally accused Iran of attempting to disrupt the US election, inflame the American public and undermine confidence in the electoral process by increasing propaganda and political intelligence gathering.