Hackers Pretend to Be Journalists to Gain Access to Information

Proofpoint analysts write that hackers pretend to be journalists in order to get information from other journalists and the media. Journalists and media companies remain a constant target for attacks by government hackers (including those from China, North Korea, Iran, Turkey and Russia).

Let me remind you that we also wrote that, for example, Iranian hackers disguised themselves as an aerobics instructor, and that the Chinese hack group Twisted Panda spies on Russian defense developments.

Interestingly, in an attempt to penetrate the networks of these organizations, which often have unique access to classified information, the attackers themselves pretend to be members of the media.

In their report, the researchers describe several hack groups that posed as journalists or harassed them in 2021-2022.

For example, since the beginning of 2021, the Chinese group Zirconium (TA412) has been attacking American journalists with emails containing special trackers that tell the attackers that the messages have been viewed. This simple trick allowed attackers to learn the target’s IP address, from which they could obtain additional information, such as the victim’s location and ISP.
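A defender can check a suspicious message for this kind of tracker before it is rendered. The following is an added example, not code from the Proofpoint report or this article: it assumes the trackers take the common form of remote images (web beacons) that are hidden or one pixel in size, and the sample message, hosts and function names are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
import re

# Constructed sample message (not from the report); example.net is a placeholder host.
SAMPLE_EML = """\
From: "News Desk" <desk@example.net>
Subject: Comment request
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello, could you comment on this story?</p>
<img src="https://example.net/logo.png" width="200" height="60">
<img src="https://example.net/o.gif?id=R-1029" width="1" height="1">
<img src="http://example.net/t?u=abc" style="display:none">
<img src="cid:inline-photo" width="1" height="1">
</body></html>
"""

HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class BeaconFinder(HTMLParser):
    """Collects remote <img> URLs that are too small or hidden to be content."""
    def __init__(self):
        super().__init__()
        self.beacons = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        # Only remote fetches reveal the reader's IP; cid:/data: images are embedded.
        if not src.lower().startswith(("http://", "https://")):
            return
        tiny = any(a.get(d, "").strip().rstrip("px") in ("0", "1") for d in ("width", "height"))
        hidden = bool(HIDDEN_CSS.search(a.get("style", "")))
        if tiny or hidden:
            self.beacons.append(src)

def find_beacons(raw_message: str) -> list:
    """Return URLs of likely tracking images in every text/html part of a message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    finder = BeaconFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.beacons
```

Mail clients that block remote images by default stop the fetch that exposes the IP address; a check like this is useful for triaging reported messages.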

In April 2022, Proofpoint discovered another Chinese group (TA459) that attacked the media using RTF files that, when opened, infected the victim’s machine with Chinoxy malware. This group mainly attacked publications interested in the foreign policy of Afghanistan.

In addition, in the spring of 2022, North Korean hackers from the TA404 group were also seen attacking media workers, using fake job advertisements as a lure. Meanwhile, Turkish attackers from the TA482 group organized campaigns to collect credentials, seeking to hack journalists’ social media accounts.

However, not all hackers try to break into journalists’ accounts. Instead, some pose as members of the media themselves to make contact with their targets. Proofpoint writes that this tactic is mainly used by Iranian hackers such as TA453 (this group is also known as Charming Kitten), who send letters to scholars and experts on Middle East politics, posing as journalists.

Another good example of such attacks is the TA456 (aka Tortoiseshell) group, which disguises its emails as newsletters from the Guardian and Fox, hoping this will help deliver the malware to the victims.

The researchers conclude that government hackers will continue to attack journalists and the media through phishing, social engineering and other similar tactics. At the same time, the goals of hackers can be different, from the desire to collect confidential information to attempts to manipulate public opinion. The fact is that the knowledge and access that a journalist or news agency can provide is often unique and very valuable.
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
