
Hackers Pose as Journalists to Breach News Media Org’s Networks

According to researchers following the activities of advanced persistent threat groups originating from countries including China, North Korea, Iran, and Turkey, journalists and media organizations remain a constant target of state-aligned actors. Researchers noted that adversaries are either masquerading as or attacking journalists and media organizations because journalists have unique access to non-public information that could help expand a cyberespionage operation. Researchers have published a report focusing on such attacks from 2021 into 2022. According to the report, in February 2022, Zirconium, a China-linked threat actor (known as TA412), resumed its campaign against journalists, mainly targeting those who covered the Russia-Ukraine conflict.



Method


Additionally, in April 2022, another Chinese APT group (known as TA459) targeted reporters with RTF files that dropped a copy of the Chinoxy malware; the campaign was aimed at journalists interested in foreign policy in Afghanistan. Moreover, during the spring of 2022, a North Korean hacking group (known as TA404) targeted media personnel, using fake job postings as bait. Furthermore, Turkish threat actors (known as TA482) orchestrated campaigns to harvest credentials from journalists' social media accounts. Other groups impersonated reporters to reach out directly to targets. This tactic was primarily employed by Iranian actors (such as TA453, also known as Charming Kitten), who sent emails posing as journalists to academics and Middle East policy experts. Furthermore, the researchers highlight the activity of an Iranian hacking group (known as TA457) that launched media-targeting campaigns every two to three weeks between September 2021 and March 2022.




