Meta has taken decisive action by removing WhatsApp accounts connected to a group of Iranian hackers who allegedly aimed to interfere with the US election. This action followed the discovery of what Meta described as “a small cluster of likely social engineering activity” on its platform. The company traced this activity back to APT42, also known as UNC788 and Mint Sandstorm, a group previously linked by the FBI to a phishing campaign targeting members of the Trump and Harris election camps.
Iranian hackers target global officials
The suspicious activity on WhatsApp was not limited to the United States. According to Meta’s report, the hackers attempted to target individuals in Israel, Palestine, Iran, the United States, and the United Kingdom. They focused mainly on political and diplomatic officials, including people connected to both US presidential candidates.
In their attempts to deceive, the hackers masqueraded as technical support representatives from well-known companies such as AOL, Google, Yahoo, and Microsoft. While Meta did not detail the methods used to try to compromise the accounts, it was clear that the hackers were persistent. Some of the targeted individuals reported the suspicious activity to Meta, prompting the company to investigate.
Meta’s response and law enforcement involvement
Meta has stated that it believes the hackers failed to compromise any accounts. However, despite the apparent failure of these attempts, Meta still deemed it necessary to report the malicious activity to law enforcement. Additionally, the company shared its findings with the Trump and Harris campaigns to ensure they were aware of the potential threats.
This proactive approach is part of a broader effort by Meta and other technology companies to safeguard the integrity of political processes and prevent foreign interference. Meta’s swift action in removing these accounts underscores the ongoing threat posed by cyber actors seeking to influence elections and political affairs globally.
Google’s findings and the broader threat
Earlier in the month, Google also released a report highlighting APT42’s ongoing efforts to target high-profile individuals in both Israel and the United States. According to Google, the group has attempted to compromise the accounts of people associated with President Biden, Vice President Harris, and former President Trump for several years. While Google described these attempts as “unsuccessful,” there has been at least one notable exception.
Roger Stone, a close political confidant of former President Trump, was reportedly a victim of APT42’s phishing emails. The FBI revealed that after gaining access to Stone’s account, the hackers used it to send further phishing emails to his contacts, demonstrating the potential dangers these groups pose, even when initial attacks appear unsuccessful.
Meta and Google’s coordinated efforts to expose and thwart these cyber threats highlight the ongoing battle between tech companies and foreign actors trying to meddle in political affairs. While the immediate threat may have been neutralised, these companies’ vigilance remains crucial in protecting the democratic process from digital interference.