Meta Platforms on Friday revealed the activities of an Iranian state-sponsored threat actor that used WhatsApp accounts to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. Among its targets were political and diplomatic officials, including figures associated with the Biden and Trump administrations.
The threat actor, known as APT42 or Charming Kitten, is believed to be linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). This group is notorious for using social engineering tactics to spear-phish victims and steal credentials. Recently, they targeted a prominent Jewish figure with malware called AnvilEcho.
The WhatsApp accounts associated with the adversary posed as technical support for various companies but were ultimately unsuccessful in their efforts. Meta has since blocked these accounts and advised affected users to secure their online accounts.
These developments coincide with the U.S. government’s formal accusations against Iran for meddling in U.S. elections and spreading propaganda to disrupt the electoral process.