Meta Reveals Iranian Threat Actor Targeting International Political Figures via WhatsApp

On Friday, Meta Platforms joined Microsoft, Google, and OpenAI in revealing the activities of an Iranian state-sponsored threat actor that reportedly used a set of WhatsApp accounts to target individuals in Israel, Palestine, Iran, the U.K., and the U.S.

This cluster of activities, originating from Iran, appeared to be directed at political and diplomatic officials, as well as other public figures, including some associated with the administrations of President Biden and former President Trump, according to Meta.

The social media giant attributed the campaign to a nation-state actor identified as APT42, also known as Charming Kitten, Damselfly, Mint Sandstorm (formerly Phosphorus), TA453, and Yellow Garuda, which is believed to be linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). This adversarial group is notorious for employing sophisticated social engineering tactics to spear-phish targets and steal their credentials through malware. Earlier in the week, Proofpoint reported that this threat actor had targeted a prominent Jewish figure with malware known as AnvilEcho.

Meta disclosed that the “small cluster” of WhatsApp accounts pretended to be technical support for AOL, Google, Yahoo, and Microsoft, although these attempts are thought to have been unsuccessful. These accounts have since been blocked.

“We have not seen evidence that their accounts were compromised,” stated the parent company of Facebook, Instagram, and WhatsApp. “We have advised those who reported to us to take precautions to secure their online accounts across the internet.”

This development comes as the U.S. government formally accused Iran of attempting to disrupt U.S. elections.
