Meta Platforms disclosed on Friday that it had become the latest company to expose the activities of an Iranian state-sponsored threat actor. The actor used a set of WhatsApp accounts that sought to target individuals in Israel, Palestine, Iran, the UK, and the US.
This threat group, originating in Iran, focused on political and diplomatic officials, as well as other public figures, including some associated with both the Biden and Trump administrations, according to Meta. The social media attributed this to an APT42 state actor, also known as Charming Kitten, Damselfly, Mint Sandstorm (formerly Phosphorus), TA453, and Yellow Garuda, estimated to be linked to the Islamic Revolutionary Guard Corps (IRGC) of Iran.
The adversary is known for using sophisticated social engineering lures to spear-phish targets with malware and steal their credentials. Proofpoint later revealed that the threat actor targeted a prominent Jewish figure to infect their machine with malware called AnvilEcho.
Meta stated that the «small group» of WhatsApp accounts posed as AOL, Google, Yahoo, and Microsoft tech support, although the efforts are believed to have been unsuccessful. The accounts have since been blocked.
«We have not seen evidence that their accounts have been compromised,» said the parent company of Facebook, Instagram, and WhatsApp. «We have encouraged those who reported to us to take steps to ensure their online accounts are secure across the internet.»
This development comes after the US government formally accused Iran of seeking to undermine US elections, stoke divisive opinions among the American public, and undermine confidence in the electoral process by amplifying propaganda and gathering political intelligence.
Vía The Hacker News
