Iranian Cyber-Spying Group Posed as Tech Support to Target U.S. Political Officials’ WhatsApp Accounts

Latest Developments

Facebook, WhatsApp, and Instagram’s parent company, Meta, reported on August 23 that it blocked a small cluster of WhatsApp accounts used by Iranian cyber-attackers to target officials associated with the administrations of President Joe Biden and former President Donald Trump. Meta’s investigation revealed that hackers with APT42 — a group associated with the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO) — created a small network of WhatsApp accounts posing as technical support from AOL, Google, Yahoo, and Microsoft.

Meta discovered the attempts after recipients of the messages reported them as suspicious. Meta said the most recent efforts were unsuccessful and disclosed no further details of the campaign, but APT42 has historically placed surveillance software on victims’ phones to record calls, steal text messages, and covertly activate cameras and microphones. Meta said that the group also targeted individuals in Israel, elsewhere in the Middle East, and the United Kingdom. Beyond the activity covered in Meta’s report, other recently exposed Iranian efforts to influence the U.S. elections include attempts to hack presidential campaigns, apparent attempts to leak hacked materials, and a network of fake news websites targeting U.S. voters.

Expert Analysis

“Encrypted messaging platforms like WhatsApp can be a blind spot when it comes to combating cyber and influence operations. Due to the privacy that these platforms afford their users, if users don’t report malicious activity on these platforms, there is a good chance it might go undetected. This makes encrypted messaging platforms an ideal vehicle for Iran’s attempts to influence U.S. elections, as these platforms can help Iran steal data from campaigns to later leak online and can even allow Iran to reach out directly to U.S. voters with political messaging or intimidation tactics.” — Max Lesser, Senior Analyst on Emerging Threats, Center on Cyber and Technology Innovation

“Messaging applications have been a key vector for phishing, cyber operations, and other malign uses in past years. End-to-end encryption on these applications ensures the privacy of users and arguably promotes free speech and civil rights. The freedoms that democracies offer can and will be exploited by malign actors, and there is no silver bullet for this problem. Encrypted messaging platforms should educate their users on how malicious actors can compromise their accounts, without infringing on their users’ privacy.” — Ari Ben Am, Adjunct Fellow, Center on Cyber and Technology Innovation

ODNI, FBI, and CISA Release Joint Statement on Iranian Election Interference Efforts

Meta’s report comes less than a week after the Office of the Director of National Intelligence (ODNI), the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint statement on Iran’s efforts to influence the U.S. elections. The agencies note that although Iran has a “longstanding interest in exploiting societal tensions” through cyber operations and other means, Tehran considers this year’s elections to be “particularly consequential” for its own national security interests, giving the Islamic Republic more incentive to “shape the outcome.”

In the current election cycle, Iran has used cyberattacks in attempts to compromise individuals associated with the U.S. presidential campaigns of both parties, according to the statement. This cyber activity is “intended to influence the U.S. election process.” The statement also emphasizes that both Russia and Iran have used similar cyber-enabled influence operations against previous U.S. federal elections and other elections around the world.
