State-Backed Phishing Attacks Target US Journalists: Report

By Mary Hong
Mary Hong
Mary Hong
Mary Hong has contributed to The Epoch Times since 2020. She has reported on Chinese human rights issues and politics.
July 15, 2022 Updated: July 16, 2022

Hackers from China, North Korea, Iran, and Turkey are routinely targeting U.S. journalists and media for their state-aligned purposes, according to a report by Proofpoint, a Sunnyvale based enterprise cybersecurity company.

The media and journalists have been easy targets of cyber activities “for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated import,” said the report on July 14.

Targeting Work Email Accounts

When targets open a phishing email containing a malicious attachment—a malware used as a backdoor to gain persistence on a victim’s machine—the compromised account “could be used to spread disinformation or pro-state propaganda, provide disinformation during times of war or pandemic, or be used to influence a politically charged atmosphere” said the article.

In the data collected by Proofpoint, the worldwide attempt to target or leverage journalists and media personas in a variety of campaigns, including those well-timed to sensitive political events in the United States, started in early 2021.

In particular, Chinese hackers targeted U.S.-based journalists who notably covered U.S. politics and national security during events that gained international attention.

Targeting Social Media Accounts

According to the report, besides journalists’ work email accounts as the most common locus of attack, targeting social media accounts of journalists and their media can also have significant consequences.

For example, in 2013 the stock market dropped more than 100 points in roughly two minutes following a hacker taking over the official Associated Press Twitter account and posting a tweet claiming President Barack Obama had been injured in an attack on the White House, said the report.

President Barack Obama speaks at the White House Summit on Cybersecurity and Consumer Protection at Stanford University in Palo Alto on Feb. 13, 2015. (Nicholas Kamm/AFP/Getty Images)
President Barack Obama speaks at the White House Summit on Cybersecurity and Consumer Protection at Stanford University in Palo Alto on Feb. 13, 2015. (Nicholas Kamm/AFP/Getty Images)

 

Impersonation

Another tactic used by the hackers includes posing as a journalist to lure academics and foreign policy experts worldwide with the possibility of public recognition. The report believes that it’s “likely in an effort to gain access to sensitive information.”

Suggestions

Proofpoint concluded that from intentions to gather sensitive information to attempts to manipulate public perceptions, the knowledge and access that a journalist or news outlet can provide is unique in the public space.

The report suggests that journalists be “aware of the broad attack surface—all the varied online platforms used for sharing information and news”—to prevent oneself from becoming a victim; and “ultimately, practicing caution and verifying the identity or source of an email can halt a hacker’s attack in its nascent stage.”

Mary Hong
Mary Hong has contributed to The Epoch Times since 2020. She has reported on Chinese human rights issues and politics.