Interestingly, in an attempt to penetrate the networks of these organizations, which often have unique access to classified information, the attackers themselves pretend to be members of the media.
In their report, the researchers describe several hacking groups that posed as journalists or harassed them in 2021-2022.
For example, since the beginning of 2021, the Chinese group Zirconium (TA412) has been attacking American journalists with emails containing special trackers that tell the attackers that the messages have been viewed. This simple trick allowed attackers to learn the target’s IP address, from which they could obtain additional information, such as the victim’s location and ISP.
In April 2022, Proofpoint discovered another Chinese group (TA459) that attacked the media using RTF files that, when opened, infected the victim’s machine with Chinoxy malware. This group mainly attacked publications interested in the foreign policy of Afghanistan.
In addition, in the spring of 2022, North Korean hackers from the TA404 group were also seen attacking media workers, using fake job advertisements as a lure. Meanwhile, Turkish attackers from the TA482 group organized campaigns to collect credentials, seeking to hack journalists’ social media accounts.
However, not all hackers try to break into journalists’ accounts. Instead, some pose as members of the media themselves to make contact with their targets. Proofpoint writes that this tactic is mainly used by Iranian hackers such as TA453 (this group is also known as Charming Kitten), who send letters to scholars and experts on Middle East politics, posing as journalists.
Another good example of such attacks is the TA456 (aka Tortoiseshell) group, which disguises its emails as newsletters from the Guardian and Fox, hoping this will help deliver the malware to the victims.