Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to carry out espionage and spread malware as part of a series of campaigns since early 2021.
“Most frequently, phishing attacks focusing on journalists are utilised for espionage or to achieve vital insights into the interior workings of a further authority, organization, or other location of condition-selected import,” Proofpoint said in a report shared with The Hacker News.
The ultimate goal of the intrusions, the enterprise security firm said, is to gain a competitive intelligence edge or spread disinformation and propaganda.
Proofpoint said it identified two Chinese hacking groups, TA412 (aka Zirconium or Judgment Panda) and TA459, targeting media personnel with malicious emails containing web beacons and weaponized documents, respectively, that were used to collect information about the recipients’ network environments and drop Chinoxy malware.
In a similar vein, the North Korea-affiliated Lazarus Group (aka TA404) targeted an unnamed U.S.-based media organization with a job offer-themed phishing lure following its critical coverage of supreme leader Kim Jong Un, once again reflecting the threat actor’s continued reliance on the technique to further its objectives.
U.S.-based journalists and media have also come under attack from a pro-Turkey hacking group known as TA482, which has been linked to a credential harvesting attack designed to siphon Twitter credentials via bogus landing pages.
“The motivations guiding these campaigns […] could consist of working with the compromised accounts to target a journalist’s social media contacts, use the accounts for defacement, or to unfold propaganda,” the researchers theorized.
Lastly, Proofpoint highlighted attempts on the part of multiple Iranian APT actors such as Charming Kitten (aka TA453) that masquerade as journalists to entice academics and policy experts into clicking on malicious links that redirect the targets to credential harvesting domains.
Also joining this list is a threat actor named Tortoiseshell (aka TA456 or Imperial Kitten) that’s said to have “routinely” impersonated media organizations like Fox News and the Guardian to send newsletter-themed emails containing web beacons.
The third Iran-aligned adversary to follow an identical approach is TA457, which posed as an “iNews Reporter” to deliver a .NET-based DNS Backdoor to public relations personnel for companies in the U.S., Israel, and Saudi Arabia.
The fact that journalists and media entities have become the locus of attacks is underscored by their ability to offer “exclusive entry and facts,” making them valuable targets for intelligence gathering efforts.
“A nicely-timed, profitable attack on a journalist’s email account could offer insights into delicate, budding stories and supply identification,” the researchers said. “A compromised account could be employed to unfold disinformation or pro-state propaganda, give disinformation in the course of periods of war or pandemic, or be made use of to impact a politically charged environment.”