Advanced persistent threat (APT) groups have increasingly targeting journalists since 2021.
According to a report, groups aligned with China, North Korea, Iran, and Turkey are targeting the email and social media accounts of journalists via phishing attacks.
How do APTs craft their phishing attacks?
Nearly all attacks involved social engineering in order to lower their victims’ guards. Nowadays, people have their guards up, so threat actors can’t send their targets to a phishing page too soon.
To adapt to the new landscape, threat actors are playing the long game, and it works.
Threat actors would send emails and social media messages on topics related to the target’s area of expertise, to further lure them into their trap.
Why are journalists more vulnerable now than ever before?
Given that journalists have access to sensitive political and economic information, APTs are now using sophisticated personas to further their collection priorities.
Moreover, APTs will continue to adapt and evolve in their use of phishing and psychological manipulation tactics.
China targeting journalists with precision
In early 2021, Chinese APT TA412, known as Zirconium, went after American journalists. They tailored their campaigns to the current U.S. political climate, and threat actors would target journalists depending on what topics they were covering.
Threat actors would use subject lines recently used in American news articles. One phishing campaign took place immediately after the January 6th attack on the Capitol building, in which attackers focused on journalists covering the incident.
News organizations should invest in cyber security awareness training, and alert journalists to be aware of any messages sent to them via email and social media.
Awareness is the first step. If you don’t even know the threat exists, then you’re already vulnerable.