Google technical support imposters attempted to hack WhatsApp accounts of Trump and Biden staffers

Meta says it's working overtime to protect people – and especially WhatsApp users – from malicious online attacks. This time, someone posing as Google technical support personnel attempted to target some people associated with the administrations of Donald Trump and Joe Biden.

In a recent update on threat disruption efforts, new insights were shared by Meta regarding a small cluster of suspected social engineering activity on WhatsApp. This activity, which was blocked by security teams after being reported by users, originated in Iran and was aimed at individuals in Israel, Palestine, Iran, the United States, and the United Kingdom. The primary targets appeared to be political and diplomatic officials, the report states.

The investigation connected this activity to APT42 (also known as UNC788 and Mint Sandstorm), an Iranian threat group known for its consistent use of phishing techniques to steal credentials from online accounts. Previous research has shown APT42 targeting a wide range of individuals, including Saudi military personnel, dissidents, human rights activists from Israel and Iran, US politicians, and academics, activists, and journalists focused on Iran.

The accounts involved in this campaign impersonated technical support for companies like AOL, Google, Yahoo, and Microsoft. Several individuals who received these suspicious messages reported them through WhatsApp's in-app tools. These reports led to the identification of the campaign and linked it to the same group behind similar efforts against political, military, diplomatic, and other officials, as noted by companies like Microsoft and Google.

The quick action of users in reporting these messages indicates that the attempts were likely unsuccessful, with no evidence suggesting any accounts were compromised. The individuals who reported the activity have been advised to take additional steps to secure their online accounts.

Given the increased threat environment ahead of the US election, information about this activity was also shared with law enforcement and presidential campaigns to raise awareness of potential threats.

The monitoring of potential threats continues through collaboration with industry partners, internal investigations, and user reports, with appropriate measures being taken when further malicious activities are identified.

It is recommended that public figures, journalists, political candidates, and campaign staff remain alert, use security and privacy settings, avoid interacting with unknown messages, and report any suspicious behavior.

In my humble opinion, though, we're just entering the hacking era, and we're about to experience a surge in increasingly sophisticated cyber attacks. As technology evolves, both the methods used by hackers and the stakes involved will likely escalate, making cybersecurity more critical than ever.

Cyber espionage actors often target individuals online to gather intelligence, manipulate them into revealing sensitive information, or compromise their devices and accounts. When these activities are detected and disrupted, the responsible accounts are disabled, and their domains are blocked from the platform. Notifications are also sent to those who may have been targeted.
