APT Targeting of Journalists and Media
Industry: Media | Level: Strategic | Source: Proofpoint
State-sponsored advanced persistent threat (APT) groups have a particular interest in targeting journalists and media members because of their unique access to sensitive information. Proofpoint's latest research describes the damage threat groups can inflict: "A well-timed, successful attack on a journalist’s email account could provide insights into sensitive, budding stories and source identification. A compromised account could be used to spread disinformation or pro-state propaganda, provide disinformation during times of war or pandemic, or be used to influence a politically charged atmosphere." The research from Proofpoint provides examples of threat actors aligned with state interests in China (TA412/Zirconium, TA459), North Korea (TA404), Iran (TA453/Charming Kitten), and Turkey (TA482) making sustained efforts to target media members, to obtain access to sensitive information and to manipulate public perceptions toward their aligned country. Threat actors act in accordance with geopolitical events, as observed with Chinese threat actors "adjusting lures to best fit the current US political environment and switching to target US-based journalists focused on different areas of interest to the Chinese government." Activity observed from these threat actor groups involved the use of web beacons for reconnaissance, credential harvesting, and sending malware to obtain access to the victim's network.