APT42’s Fake Support Agents on WhatsApp Target Political Officials
- Actor Motivations: Espionage, Exfiltration
- Attack Vectors: Phishing
- Attack Complexity: Low
- Threat Risk: Low Impact/High Probability
Threat Overview
APT42 used fake WhatsApp accounts posing as technical support from AOL, Google, Yahoo and Microsoft to target individuals in Israel, Palestine, Iran, the United States and the United Kingdom. Targets included political and diplomatic officials, as well as public figures associated with the Biden and Trump administrations. The campaign, identified through user reports, included phishing attempts but did not result in account compromise. APT42 is known for credential theft via phishing, with previous campaigns targeting public officials, activists and academics.
Detected Targets
Type | Description | Confidence |
---|---|---|
Sector | Dissident | Verified |
Sector | Human Rights | Verified |
Sector | Journalists | Verified |
Sector | Military | Verified |
Sector | Political | Verified |
Region | Iran | Verified |
Region | Israel | Verified |
Region | Palestine | Verified |
Region | United Kingdom | Verified |
Region | United States | Verified |