"State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns"

Since early 2021, many campaigns have been carried out by nation-state hacking groups affiliated with China, Iran, North Korea, and Turkey that target journalists to conduct espionage and spread malware. According to Proofpoint, phishing attempts aimed at journalists are commonly employed for espionage or to learn critical information about the inner workings of another government, business, or other sector of state-designated import. The enterprise security company claimed that the intrusions' ultimate objective is to get a competitive intelligence edge or spread propaganda and false information. According to Proofpoint, two Chinese hacking groups, TA412, also known as Zirconium or Judgment Panda, and TA459, were sending malicious emails containing weaponized documents and web beacons to media professionals in an effort to gather information about the recipients' network environments and spread Chinoxy malware. Similarly, the North Korean-linked Lazarus Group, also known as TA404, recently targeted an unnamed US-based media outlet with a job offer-themed phishing lure in response to the outlet's critical coverage of Kim Jong Un, demonstrating the threat actor's continued reliance on the method to further its goals. A pro-Turkey hacking gang known as TA482 has also targeted journalists and media outlets in the US. This group is connected to a credential harvesting attempt intended to steal Twitter credentials using fake landing sites. Proofpoint drew attention to attempts made by a number of Iranian Advanced Persistent Threat (APT) actors, including Charming Kitten, also known as TA453, to lure academics and policy experts into clicking on malicious links that lead the targets to domains used for credential harvesting. This article continues to discuss the targeting of journalists by nation-state hacking groups.

THN reports "State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns"