Meta has blocked WhatsApp accounts involved in “a small cluster of likely social engineering activity” on the service. In its report, it has revealed that it traced the activity to APT42 (also called UNC788 and Mint Sandstorm), which the FBI previously linked to a phishing campaign that targeted members of the Trump and Harris camps. The company said that the suspicious activity on WhatsApp “attempted to target individuals in Israel, Palestine, Iran, the United States and the UK.” It also seemed to have focused on political and diplomatic officials, which included people associated with both presidential candidates.
The bad actors on WhatsApp pretended to be technical support representatives from AOL, Google, Yahoo and Microsoft, though Meta didn’t say how they tried to compromise their targets’ accounts. Some of those targets reported the activity to the company, which compelled it to start an investigation. Meta said it believes the perpetrators’ efforts were unsuccessful and that it has not seen any evidence that the targets’ accounts had been compromised. It still reported the malicious activity to law enforcement, though, and shared information with both presidential campaigns.
Earlier this month, Google also published a report detailing how APT42 has been targeting high-profile users in Israel and the US for years. The company said it observed “unsuccessful attempts” to compromise the “accounts of individuals affiliated with President Biden, Vice President Harris and former President Trump.” While Google described APT42’s attacks as “unsuccessful,” the group had successfully infiltrated the account of at least one high-profile victim: Roger Stone, who is a close political confidante of Trump. The FBI previously reported that he had fallen victim to the phishing emails sent by the Iranian hackers, who then used his account to send more phishing emails to his contacts.