Date: 2022-07-19

Numerous investigative teams are currently working on the activities of APT groups in China, North Korea, Iran and Turkey. In this case, it has been stated that government-friendly media are targeted by these attacks, with impersonation methods that are also reaching media in the United States.





Attacks on the media mainly serve cyber-espionage missions. In the countries mentioned above, government-affiliated media may hold sensitive information that is not made public because of censorship.

A constant investigation

Proofpoint analysts carried out investigations throughout 2021 and 2022 and published a report in which all the activity of these APT hacker groups is revealed. Specifically, it details that Zirconium has targeted numerous journalists in the United States since 2021 by sending mass emails to victims.





These simple emails carry various trackers that reveal when there is activity on them. When a recipient opens one, their public IP address can be accessed and used to collect extra information, since the address reveals the location or the service provider. The emails were, of course, accompanied by attractive topics and content that could make for interesting news.
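As an added example (not from the original article or the Proofpoint report), the following Python code shows how an analyst or mail gateway could flag the kind of tracker described above: a remote image that the reader cannot see but that triggers a request, exposing the recipient's IP address, when the message is rendered. The sample message, the `.example` hosts and the function names are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample message; all names and hosts are made up for illustration.
SAMPLE_EML = """\
From: "News Desk" <desk@news.example>
Content-Type: text/html; charset="utf-8"

<html><body><p>Thought this might interest you.</p>
<img src="https://cdn.news.example/logo.png" width="120" height="40">
<img src="https://t.mailer.example/o.gif?rid=8f3a1c" width="1" height="1">
<img src="cid:inline-photo" width="300" height="200">
<img src="http://t.mailer.example/p?u=reporter%40outlet.example" style="display: none">
</body></html>
"""

class RemoteImages(HTMLParser):
    """Collect <img> tags whose src is fetched over the network when rendered."""
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and urlsplit(a.get("src") or "").scheme in ("http", "https"):
            self.images.append(a)

def _tiny(value):
    return (value or "").strip().lower().rstrip("px") in ("0", "1")  # 0 or 1 pixel

def find_trackers(raw_eml):
    """Return (url, reasons) for each invisible remote image in the HTML body."""
    body = message_from_string(raw_eml, policy=default).get_body(("html",))
    parser = RemoteImages()
    parser.feed(body.get_content() if body is not None else "")
    findings = []
    for img in parser.images:
        reasons = []
        if _tiny(img.get("width")) and _tiny(img.get("height")):
            reasons.append("1x1 image")
        style = (img.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        if reasons and parse_qsl(urlsplit(img["src"]).query):
            reasons.append("carries query parameters")  # often a per-recipient ID
        if reasons:
            findings.append((img["src"], reasons))
    return findings
```

Blocking remote content by default in the mail client prevents the request from being made at all.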

This practice gained strength again in 2022 with campaigns against media outlets that were reporting on the conflict between Russia and Ukraine. All of these emails contained copies of malware that were activated when the email was downloaded, with the aim of stealing journalists' accounts on the internal networks of the various media outlets.

In some cases they pose as journalists

The operation has since evolved toward impersonating journalists. The idea is to avoid having to take over their accounts by brute force. This was done mainly by sending emails to people with great power in Iran, posing as a highly reputable outlet such as Metro.





In this sense, massive email campaigns were detected between September 2021 and March 2022. In addition, this practice is expected to continue to attack numerous media outlets over the last few months. The fact that journalists and the media are always in the public eye makes them the “perfect” victims for social engineering.

Via | BleepingComputer