Foreign entities are back meddling with political parties as the US presidential election nears. In an announcement last Friday, Meta revealed that an Iranian hacker group targeted the WhatsApp accounts of individuals working in the administrations of President Joe Biden and former President Donald Trump.
State-Sponsored Sabotage: The IRGC Connection
Meta, the parent company of WhatsApp and Facebook, said it successfully blocked the activities of a small cluster of WhatsApp accounts posing as tech support. The hacker group responsible for the attack is APT42.
“This malicious activity originated in Iran and attempted to target individuals in Israel, Palestine, Iran, the United States, and the UK. This effort appeared to have focused on political and diplomatic officials and other public figures, including some associated with the administrations of President Biden and former President Trump,” Meta explained in its announcement. The APT42 group, also known as Mint Sandstorm, is a state-sponsored cyber-espionage group that operates on behalf of the Islamic Revolutionary Guard Corps (IRGC).
More evidence of the pervasiveness of Iranian hacking (Charming Kitten/APT42) activity aimed at US officials from both parties. Meta says it has blocked WhatsApp accounts that posed as tech support for Microsoft, Google, AOL, Yahoo to target WhatsApp users https://t.co/tzeaHr10o1
— Sean Lyngaas (@snlyngaas) August 23, 2024
According to Meta, the hackers tried to social engineer their targets by pretending to be tech support from Google and Microsoft, hoping to get them to reveal their account passwords. Meta said there’s no evidence the group succeeded in its attack but that it has shared information with law enforcement.
Besides targeting WhatsApp accounts, Iranian accounts have also targeted the email accounts of political associates. Earlier this month, Google said Iranian-affiliated groups were running a wide-ranging campaign to collect intelligence from current US officials and associates of Vice President Kamala Harris, President Biden, and Donald Trump.
Iran Government-Backed Cyber Group Attempts to Hack Israeli Officials and U.S. Presidential Elections: On Wednesday, Google released a threat analysis confirming that Iranian government-backed hackers targeted the election… https://t.co/0Uw3ahprDJ Visit https://t.co/d3046xxCA0 pic.twitter.com/G6oLf6Xr33
— iHLS Israel Homeland Security (@iHLS1) August 16, 2024
The U.S. government considers Iran a significant adversary desperate to shape the outcome of November’s vote. “Iran perceives this year’s elections to be particularly consequential in terms of the impact they could have on its national security interests, increasing Tehran’s inclination to try to shape the outcome,” reads a joint statement signed by US national security and intelligence agencies.
According to Google researchers, the Iranian group has targeted the email accounts of dozens of associates in an ongoing attempt to log into the accounts of these officials. These malicious actors breached the email account of Republican consultant Roger Stone to collect intelligence on the Trump campaign. After the breach, the Trump campaign reported that its internal communications had been compromised and were being sent to news outlets through anonymous emails. These leaked communications included sensitive information about JD Vance, Trump’s running mate. The Trump campaign blamed Iran for the security breach.
With the 2024 elections approaching, US intelligence officials and security experts are bracing for potential foreign interference, wary of attempts to sway the outcome. They’re taking proactive steps to counter possible meddling and ensure the integrity of the electoral process.