Security News > 2022 > July > State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns

Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021.

"Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated import," Proofpoint said in a report shared with The Hacker News.

Proofpoint said it identified two Chinese hacking groups, TA412 and TA459, targeting media personnel with malicious emails containing web beacons and weaponized documents respectively that were used to amass information about the recipients' network environments and drop Chinoxy malware.

U.S.-based journalists and media have also come under assault from a pro-Turkey hacking group known as TA482, which has been linked to a credential harvesting attack designed to siphon Twitter credentials via bogus landing pages.

"The motivations behind these campaigns could include using the compromised accounts to target a journalist's social media contacts, use the accounts for defacement, or to spread propaganda," the researchers theorized.

Lastly, Proofpoint highlighted attempts on the part of multiple Iranian APT actors such as Charming Kitten by masquerading as journalists to entice academics and policy experts into clicking on malicious links that redirect the targets to credential harvesting domains.

News URL

https://thehackernews.com/2022/07/state-backed-hackers-targeting.html