
Iranian State-Backed APT42 Targeted Officials of the Biden and Trump Administrations via WhatsApp

Written by Lore Apostol
Published on August 26, 2024

An Iranian cybercriminal gang targeted the WhatsApp accounts of staffers in the administrations of President Joe Biden and former President Donald Trump, posing as support agents for tech companies, Meta Platforms said on Friday. 

Meta’s security teams linked the activity to the Iranian state-backed threat actor APT42 that targeted both the Democratic and Republican presidential campaigns in recent months.

After a series of reports of suspicious WhatsApp messages, Meta discovered and blocked the network of hackers impersonating tech support agents for companies like AOL, Microsoft, Yahoo, and Google. 

This group attempted to target individuals in Israel, Palestine, Iran, the U.S., and the U.K., focusing on political and diplomatic officials and other public figures, according to the report, which also notes that no evidence was seen of the targeted WhatsApp accounts being compromised.

The FBI said the hack by Iran of the Trump campaign and an attempted breach of the Biden-Harris campaign were part of a broader Iranian operation aiming to interfere with the upcoming U.S. presidential election.

This month, OpenAI identified and blocked several Iranian accounts that employed ChatGPT in an influence operation focused on the U.S. elections. The accounts created divisive content targeting Democrats and Republicans alike by rewriting news articles from legitimate sources and other people’s comments on social media.

In May, Iranian government-backed hackers breached the account of a county-level official with minimal access permissions and, a few weeks after that, tried to infiltrate the account of an important official via spear-phishing.

Iranian state-backed threat actor APT42, associated with Iran’s Islamic Revolutionary Guard Corps (IRGC), was confirmed to target high-profile accounts of both political campaigns connected to the upcoming U.S. presidential election. The U.S. State Department identified six IRGC-linked Iranian security officials reportedly responsible for the cyberattacks on U.S. water utilities in 2023.

A network of at least 5,000 fake X accounts focusing on divisive U.S. political issues that seem to be operated by AI is allegedly part of a disinformation campaign connected to China.


