The Iranian hacker group accused of targeting both U.S. parties’ presidential campaigns earlier this year also sent WhatsApp messages trying to trick members of the current Biden and former Trump administrations, Meta said Friday.
The campaign began earlier this year and stopped before President Joe Biden dropped out of the presidential race last month, a Meta spokesperson said. The Iranian group, often referred to as “Mint Sandstorm,” used fewer than 10 accounts to target several dozen people around the world including public figures and political and diplomatic officials, the spokesperson said.
The WhatsApp accounts claimed to be tech support for companies like AOL, Google, Yahoo and Microsoft, according to a Meta blog post. The company learned of the campaign after several people who had received the messages reported them as potential phishing efforts.
The WhatsApp messages appeared to be a social engineering operation, where a hacker tries to gain the trust of a victim to pivot to another stage of an operation, like gaining access to their company or email account.
The U.S. government and Google have said in the past week that a persistent cyberespionage group associated with Iran’s Islamic Revolutionary Guard Corps targeted both parties’ presidential campaigns and successfully hacked former President Donald Trump’s. The Harris campaign has said it was not breached.
A spokesperson for Iran’s mission to the United Nations did not immediately respond to an email asking for comment. In a statement earlier this week, the mission issued a statement denying Iran had interfered in the U.S. election.
Like other major state-affiliated cyberespionage groups, the IRGC hackers go after a wide variety of targets. NBC News reported Friday the state of Utah privately circulated a warning last month that the same group had tried to hack state data around oil, gas and other geological research data.
The same WhatsApp campaign also targeted users in Iran, Israel, Palestine and the United Kingdom, Meta said.
Companies like Microsoft and Google routinely take down accounts that they say are affiliated with groups like the IRGC hackers. Identifying such campaigns on WhatsApp is more difficult, however, because WhatsApp messages all use end-to-end encryption, meaning Meta can only view what they say if a user forwards them to the company.
The Iran operation was discovered after multiple users who received the fake tech support messages reported them as suspicious, Meta said.
Meta said it had not seen evidence any accounts had been compromised. However, the company would not necessarily know if a victim fell for the WhatsApp messages and gave the hackers other valuable information.
After Iran’s successful hack of the Trump campaign, three U.S. media outlets — Politico, The Washington Post, and The New York Times — all received an email with documents stolen from the campaign. The tactic appears to have been a “hack-and-leak” operation, similar to how Russian intelligence hacked Democrats and the Hillary Clinton campaign in 2016 and spread files around the internet, notably through WikiLeaks.
Unlike in 2016, however, the three news outlets did not give the hacked documents significant coverage. It’s unclear whether or how more of the hacked Trump files will surface before Election Day.
This article was originally published on NBCNews.com
