Already a subscriber? Make sure to log into your account before viewing this content. You can access your account by hitting the “login” button on the top right corner. Still unable to see the content after signing in? Make sure your card on file is up-to-date.
Meta reported that Iranian hackers targeted both Democratic and Republican presidential campaigns, as well as staff from the Biden and Trump administrations.
What’s the deal: According to Meta, Iranian hackers linked to the APT42 group targeted both Democratic and Republican presidential campaigns, as well as staff from the Biden and Trump administrations, through a phishing campaign on WhatsApp. The attackers posed as technical support from companies like AOL, Google, Yahoo, and Microsoft to steal credentials. Meta’s security team blocked the malicious activity after receiving user reports, preventing any account compromises. The attacks also extended to individuals in Israel, Palestine, Iran, and the United Kingdom.
What Meta is saying: In their report, Meta said, “We continue to monitor information coming from our industry peers, our own investigations and user reports and will take action if we detect further attempts by malicious actors to target people on our apps. We strongly encourage public figures, journalists, political candidates and campaigns to remain vigilant, take advantage of privacy and security settings, avoid engaging with messages from people they don’t know and report suspicious activity to us.”
Digging Deeper: Previous Iranian cyberattacks, often attributed to groups like APT42, have targeted a wide range of individuals and organizations globally, including political, military, and diplomatic figures. These attacks typically involve phishing campaigns designed to steal credentials and gather intelligence. Notable incidents include attempts to compromise Saudi military personnel, dissidents and human rights activists in Israel and Iran, U.S. politicians, and Iran-focused academics and journalists.
How “phishing” works: A phishing incident occurs when someone tries to trick individuals into revealing sensitive information, like passwords or credit card details, by pretending to be a trustworthy source, such as a bank or a popular website. This is often done through fake emails, messages, or websites that look legitimate but are actually designed to steal personal information.
