On Friday, Meta reported potential hacking attempts on the WhatsApp accounts of US officials by Iranian actors amidst growing concerns over Tehran’s interference in US elections.
These officials are associated with both President Joe Biden and former President Donald Trump. The company attributed these attempts to APT42, an Iranian hacker group widely believed to be linked to an intelligence division within Iran's military. This group has a history of conducting invasive surveillance operations, often targeting political figures and activists abroad.
According to Meta, the parent company of Facebook, Instagram, and WhatsApp, the hacking attempts were identified as part of a "small cluster of likely social engineering activity on WhatsApp." The attackers reportedly posed as technical support representatives from companies like AOL, Google, Yahoo, and Microsoft to gain unauthorized access. However, Meta intervened quickly, blocking the accounts after they were flagged as suspicious. There is no evidence that any targeted WhatsApp accounts were successfully compromised.
Earlier this month, Microsoft and Google reported attempts to breach US presidential campaigns ahead of the November election. The hackers appeared to have focused their efforts on political and diplomatic officials, business leaders, and other public figures in the US, Israel, the Palestinian territories, and the UK.
Last week, US intelligence agencies, including the FBI, the Office of the Director of National Intelligence, and the Cybersecurity and Infrastructure Security Agency (CISA), issued a joint statement confirming Iranian state actors' involvement in recent cyberattacks targeting former President Trump's campaign. The statement highlighted an escalation in Iranian efforts to interfere with the ongoing election cycle, particularly through influence operations and cyber activities aimed at compromising presidential campaigns from both political parties.
According to a Friday report by Reuters, APT42, also known in the cybersecurity community as "Charming Kitten," is notorious for its sophisticated cyber espionage operations. The group has a well-documented history of placing surveillance software on the mobile phones of its targets, enabling it to record calls, steal texts, and even activate cameras and microphones remotely. This invasive approach poses a significant threat, especially given the group's focus on high-value targets in Washington and Israel.
Researchers from Mandiant, a leading US cybersecurity firm, told Reuters about the physical dangers of APT42's activities. There are documented cases where the group's cyber-surveillance preceded the physical targeting of Iranian activists and protesters, some of whom were subsequently imprisoned or threatened in Iran.
Tehran has consistently denied involvement in these cyber activities. In response to the recent US intelligence report attributing the Trump campaign hack to Iranian state actors, Iran's mission to the United Nations said in a statement last week that the allegations were "unsubstantiated and devoid of any standing." It emphasized that Iran has neither the intention nor the motive to interfere in the US presidential election and challenged the US to provide concrete evidence of the alleged interference.
These developments seem to be part of a broader pattern of increasing Iranian cyber activities aimed at influencing the US presidential election. Reports from earlier this summer also suggested that Iran had devised a scheme to assassinate Trump, though Tehran has denied these allegations as well.