Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media
Contents
Key Takeaways
- Those involved in media make for appealing targets given the unique access, information, and insights they can provide on topics of state-designated import.
- Proofpoint researchers have observed APT actors since early 2021 regularly targeting and posing as journalists and media organizations to advance their state-aligned collection requirements and initiatives.
- The identified campaigns have leveraged a variety of techniques from using web beacons for reconnaissance to sending malware to establish initial access into the target’s network.
- The focus on media by APTs is unlikely to ever wane, making it important for journalists to protect themselves, their sources, and the integrity of their information by ensuring they have an accurate threat model and secure themselves appropriately.
Overview
Journalists and media organizations suffer from many of the same threats as everyone else. Between threat actors wanting to steal credentials to resell or to utilize compromised hosts for brokered initial access to spread ransomware, …
- Those involved in media make for appealing targets given the unique access, information, and insights they can provide on topics of state-designated import.
- Proofpoint researchers have observed APT actors since early 2021 regularly targeting and posing as journalists and media organizations to advance their state-aligned collection requirements and initiatives.
- The identified campaigns have leveraged a variety of techniques from using web beacons for reconnaissance to sending malware to establish initial access into the target’s network.
- The focus on media by APTs is unlikely to ever wane, making it important for journalists to protect themselves, their sources, and the integrity of their information by ensuring they have an accurate threat model and secure themselves appropriately.
Overview
Journalists and media organizations suffer from many of the same threats as everyone else. Between threat actors wanting to steal credentials to resell or to utilize compromised hosts for brokered initial access to spread ransomware, …
IoC
http://actor-controlled
http://cyberclub.one
http://news-spot.live
http://www.actor-controlled
http://cyberclub.one
http://news-spot.live
http://www.actor-controlled