WhatsApp Disables Operation of Iranian Cybercriminals Infiltrating Trump, Biden Election Efforts

Activists Advocating for Human Rights Face Threats in Both Israel and Iran

Loose Cannon::: Unedited Assistance

Meta tightened the screws on a handful of WhatsApp accounts suspected of Iranian origin that had been targeting the inner circles of former President Donald Trump and President Joe Biden. The company announced the takedown on a Friday in an online statement. US intelligence disclosures earlier in the week attributed previous attempts to hack both campaigns to the same group, but it remains unclear whether those attempts and the WhatsApp activity were part of a single coordinated operation.

These Iranian hackers, tracked as APT42 (also UNC788, or Mint Sandstorm by other security vendors), are known for low-key social engineering aimed at compromising high-value individuals. Some of their targets had connections to the Biden and Trump camps, but Meta did not elaborate beyond that.

Other targets included unnamed figures in the Middle East's military sphere, human rights activists in Israel and Iran, researchers focusing on Iran, and activists and journalists worldwide, according to Meta's statement. The company referred the attempted phishing against Biden and Trump to US law enforcement, citing the heightened threat environment ahead of the election.

"These accounts masqueraded as tech support for AOL, Google, Yahoo, and Microsoft," Meta divulged. "Folks targeted by APT42 reported these shady messages to WhatsApp via our in-app reporting tools. This helped us probe this new snooping scheme and link it to the same hacking team that's behind earlier attempts at political, military, diplomatic, and other VIPs, as now-you-see-it, now-you-don't whispers from our peeps at Microsoft and Google hinted."

Because the phishing attempts were reported quickly, Meta believes APT42 failed to compromise the accounts it set its sights on. But cyber spies have a habit of resurfacing, so Meta advises anyone who might be on a cyber-espionage target list to stay alert and report anything suspicious.

"We're keeping our eyes peeled for information from our industry pals, our private inquiries, and user reports and will jump into action if we spot further attempts by these cockroaches to invade people on our apps," Meta warned. "Stay vigilant, leverage privacy and security settings, steer clear of messages from strangers, and report anything fishy," they advised political bigwigs, journalists, candidates, and campaigns.

Shadowy Deals::: Enrichment Info

The material provided doesn't directly cover APT42 or UNC788. However, Mint Sandstorm is an alias for APT35, a state-sponsored Iranian cyberwarfare crew. Here's the rundown on APT35 (Mint Sandstorm) and its known activity:

Mint Sandstorm (APT35) and APT42

  • Mint Sandstorm (APT35):
      • History and Targets: APT35, also known as Phosphorus or Charming Kitten, has been active since at least 2014. The group is known for targeting IT service providers, third-party contractors, and supply chains to bypass direct security controls[1].
      • Notable Attacks: APT35 was fingered in attacks on HBO in 2017, leading to a major data leak[1]. It has also dabbled in the hacking of email accounts linked to US presidential campaigns, government officials, journalists, and prominent Iranians[1].
  • APT42 and UNC788:
      • No specific information on APT42 or UNC788 regarding attacks on the political campaigns of former President Donald Trump or current President Joe Biden is available in the provided search results.

With limited specifics about APT42 and UNC788, it's worth consulting broader cybersecurity databases or reports from reputable intelligence sources for the most accurate and up-to-date information on their operations.

  1. The Iranian state-sponsored cyberwarfare group, APT35 (also known as Mint Sandstorm or Charming Kitten), has a history of targeting IT service providers, third-party contractors, and supply chains to bypass direct security controls since at least 2014.
  2. APT35 was involved in the hacking of email accounts linked to US presidential campaigns, government officials, journalists, and prominent Iranians, as well as attacks on HBO in 2017, resulting in a significant data leak.
  3. The connection between APT35 and the group APT42 (or UNC788) is not extensively covered in the provided search results with regard to their operations against the political campaigns of former President Donald Trump and current President Joe Biden.
  4. To acquire the most accurate and updated information about APT42, UNC788, or other cyber threat groups, it is advisable to consult broader cybersecurity databases or reputable intelligence sources.
