State-backed hackers target journalists in espionage campaigns

Nation-state hacking groups have been targeting journalists to conduct espionage and spread malware in several campaigns since the beginning of 2021, when they first began targeting the media.

To gain access to another government, company, or other area of state-designated importance, "phishing attacks targeting journalists are most commonly used," Proofpoint said in a report.

According to the security firm, the ultimate goal of the intrusions is to gain a competitive intelligence advantage or spread propaganda and disinformation.

Two Chinese hacking groups, TA412 (also known as Zirconium or Judgment Panda) and TA459, have been identified by Proofpoint as having targeted media personnel with malicious emails containing web beacons and weaponized documents, respectively.

An unnamed U.S. media outlet was targeted by the North Korea-affiliated Lazarus Group (TA404) after it published critical coverage of supreme leader Kim Jong Un, once again reflecting the threat actor's continued reliance on the technique to achieve its goals.

A pro-Turkey hacking group known as TA482 has been linked to a credential harvesting attack designed to steal Twitter credentials via bogus landing pages targeting journalists and the media in the United States.

For example, hackers could target journalists' social media contacts, deface their websites, or disseminate propaganda using compromised accounts, the researchers hypothesized.

Finally, Proofpoint highlighted attempts by multiple Iranian APT actors, such as Charming Kitten (aka TA453), to masquerade as journalists and entice academics and policy experts into clicking malicious links that redirect them to credential harvesting domains.

Tortoiseshell (aka TA456 or Imperial Kitten), a threat actor that has "routinely" impersonated media organizations like Fox News and the Guardian, has also been added to the list.

TA457, a third Iranian-aligned adversary, posed as an "iNews Reporter" to deliver a .NET-based DNS backdoor to public relations staff for companies in the United States, Israel, and Saudi Arabia.

By virtue of having "unique access and information," journalists and media organizations have become prime targets for assassination attempts because of their vulnerability.

If an email account belonging to a journalist is breached at the right time, researchers say it could reveal sensitive stories and the identity of their sources. In times of war or pandemic, a compromised account could be used to disseminate pro-state propaganda, or to influence a politically charged atmosphere.
