Journalists and high-risk orgs remain a target of APT groups

July 22, 2022

Cyberespionage actors have been one of the prime focuses of security experts because they are known for targeting high-risk people and organisations, such as journalists and media companies. These APT (advanced persistent threat) groups mostly come from China, Iran, Turkey, and North Korea, and are known for attacks aimed at harvesting highly confidential state information and performing surveillance.

Last year, a threat group from China dubbed Zirconium or TA412 was found targeting journalists from the US using phishing emails that contained trackers, which alerted the group when an email was opened. Through this tactic, the hackers could obtain their target’s public IP address to help them collect more classified information.

TA412 was found deploying the same tactics against journalists last February, especially those writing about the ongoing war between Russia and Ukraine.

Another threat group known as TA459 was spotted last April targeting media reporters using RTF files enclosed in emails that drop malware once opened. Media firms covering Afghanistan’s foreign policies are this group’s identified victims.

TA404, a North Korea-based threat group, was also discovered attacking media orgs through fake job opportunities. Meanwhile, a threat group from Turkey, TA482, performed data theft against journalists to steal their social media accounts.

On the other hand, some threat groups, such as TA453 (Charming Kitten), were seen masquerading as media orgs to trick their targets into opening malware-infected emails. Another group, TA456 (Tortoiseshell), employed a similar tactic by presenting themselves as media firms sending newsletters to spread malware.

The most recently spotted group was TA457, which launched attacks against media firms from September 2021 to March 2022, with campaigns occurring every two to three weeks.

Security experts anticipate that cyberespionage groups will launch the same kinds of campaigns against journalists, media orgs, and other high-risk groups through phishing and social engineering. Thus, the targeted organisations must be more cautious about their online activities and be aware of suspicious messages from unknown sources.
