Meta said Friday that it blocked a “small cluster” of WhatsApp accounts linked to an Iranian hacking group that was targeting officials associated with President Joe Biden and former President Donald Trump.
The company said in a blog post that the bogus WhatsApp accounts appeared to originate from the Iranian threat actor dubbed APT42, which other tech companies like Google previously described as an “Iranian state-sponsored cyber espionage actor.” The group has targeted various activists, non-government organizations, media outlets and others.
Meta said the scheme was intended to exploit “political and diplomatic officials, and other public figures, including some associated with administrations of President Biden and former President Trump.” The campaign also targeted people in Israel, Palestine, Iran and the U.K.
With less than 75 days until the November election, Meta is attracting increased public attention due to ways that Facebook has been exploited and manipulated in the two prior presidential campaigns. The company said it hasn’t seen any evidence that the accounts of any WhatsApp users were compromised, and it’s sharing more information with “law enforcement and our industry peers.”
Meta said its security team was able to spot APT42’s involvement after analyzing suspicious messages that an unspecified number of users reported receiving from the fraudulent WhatsApp accounts.
“These accounts posed as technical support for AOL, Google, Yahoo and Microsoft,” Meta said in the blog post. “Some of the people targeted by APT42 reported these suspicious messages to WhatsApp using our in-app reporting tools.”
The Trump campaign said earlier this month that a foreign actor had compromised its network and illegally obtained internal communications. Microsoft also said at the time that it identified several Iranian hacking groups that were attempting to influence the U.S. presidential election, and that a group affiliated with APT42 “sent a spear phishing email in June to a high-ranking official on a presidential campaign from the compromised email account of a former senior advisor.”
In 2019, Microsoft said it had identified several hackers linked to the Iranian government who were believed to have targeted an unspecified U.S. presidential campaign in addition to other government officials and media.
WATCH: Big Tech: too big to split