Iranian Hacker Collective Targeting Politicians Exposed by Meta

Meta Platforms, the owner company of Facebook, Instagram, and WhatsApp, recently discovered an Iranian state-sponsored hacker group that was operating. The group is named APT42 and, among many other names, is called Charming Kitten and Mint Sandstorm.

It uses WhatsApp accounts to target individuals in many countries worldwide, including Israel, Palestine, Iran, the U.K., and the U.S. Most of these cyber attacks have been directed at political and diplomatic figures, among other public figures, around and within the current Biden administration and its predecessor, the Trump administration.

In addition, there is a connection between APT42 and Iran’s IRGC. It has the finesse of using state-of-the-art social engineering with deceptive campaigns, causing the victim to reveal their information. These would be spear-phishing campaigns to infect targets with malware and harvest credentials. Recently, cybersecurity firm Proofpoint reported that APT42 had tried to hack the computer of a prominent Jewish figure using AnvilEcho malware.

The specific campaign found by Meta involved a “small cluster” of WhatsApp accounts that falsely represented themselves as technical support for major tech companies, such as AOL, Google, Yahoo, and Microsoft. Despite those attempts, Meta said the campaign was largely unsuccessful, and there was no evidence to suggest the accounts were actually accessed. Even so, the company has made the out-of-an-abundance-of-caution decision to ban such nefarious accounts and advise the impacted parties to take additional steps to lock down their online accounts.