Hackers pose as journalists to further their espionage operations

Researchers following the activities of advanced persistent threat (APT) groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors.

The adversaries either masquerade as these targets or attack them, because journalists and media organizations have unique access to non-public information that could help expand a cyberespionage operation.

Recent targeting activity

Proofpoint analysts have been following these activities from 2021 and into 2022 and published a report about several APT groups impersonating or targeting journalists.

The China-linked threat actor known as ‘Zirconium’ (TA412) has been confirmed to target American journalists since early 2021 with emails containing trackers that alerted when messages were accessed.

This simple trick also allowed the threat actor to obtain the target’s public IP address, from which they could gather more information such as the location of the victim and the internet service provider (ISP).

Sample of phishing email sent by Chinese hackers (Proofpoint)

By February 2022, Zirconium resumed campaigns targeting journalists with the same tactics, focusing mainly on those reporting about the Russia-Ukraine war.

In April 2022, Proofpoint observed another Chinese APT group tracked as TA459 targeting reporters with RTF files that dropped a copy of the Chinoxy malware when opened. This group targeted media interested in foreign policy in Afghanistan.

North Korean hackers of the TA404 group were also spotted targeting media personnel during the spring of 2022, using fake job postings as lures.

Finally, Turkish threat actors tracked as TA482 orchestrated credential harvesting campaigns that attempted to steal journalists’ social media accounts.

Fake Twitter account alert sent by Turkish hackers (Proofpoint)

Impersonating journalists

However, not all hackers care to put in the effort to compromise journalist accounts. Instead, some cut corners and go straight to assuming reporter personas to reach out to their targets directly.

Proofpoint has seen this tactic mainly from Iranian actors like TA453 (a.k.a. Charming Kitten), who sent emails to academics and Middle East policy experts posing as reporters.

Email sample from a TA453 campaign (Proofpoint)

Another example is TA456 (a.k.a. Tortoiseshell), which also disguises its emails as newsletters from the Guardian or Fox News, hoping for successful malware delivery to the target.

Fake newsletter documents laced with malware droppers (Proofpoint)

Finally, Proofpoint highlights the activity of Iranian hackers TA457, who, between September 2021 and March 2022, launched media-targeting campaigns every two to three weeks.

APTs are expected to continue targeting journalists using phishing tricks, malware droppers, and various social engineering tactics.

Unfortunately, media organizations and their employees are open to the public and could become victims of social engineering that could lead to compromising their access to sensitive information.

Source: https://www.bleepingcomputer.com/news/security/hackers-pose-as-journalists-to-further-their-espionage-operations/
