October 4, 2023

Nation-state threat actors aligned with China, Iran, North Korea, and Turkey are targeting journalists to conduct espionage and spread malware.

The goal of such attacks is to gain a competitive intelligence edge or to spread disinformation and propaganda.


Two Chinese hacking groups, TA412 and TA459, targeted media personnel with malicious emails containing web beacons and weaponized documents, respectively, which were used to amass information about the recipients' network environments and to drop Chinoxy malware.

North Korea's Lazarus Group targeted an unnamed U.S.-based media organization with a job offer-themed phishing lure following its critical coverage of supreme leader Kim Jong Un, once again reflecting the threat actor's continued reliance on the technique to further its objectives.

The pro-Turkey hacking group TA482 targeted U.S.-based journalists and has been linked to a credential harvesting attack designed to siphon Twitter credentials via bogus landing pages.

Multiple Iranian APT actors, such as Charming Kitten (TA453), masqueraded as journalists to entice academics and policy experts into clicking on malicious links that redirect the targets to credential harvesting domains.

The threat actor Tortoiseshell impersonated media organizations like Fox News and the Guardian to send newsletter-themed emails containing web beacons.


The third Iran-aligned adversary, TA457, delivered a .NET-based DNS Backdoor to public relations personnel for companies in the U.S., Israel, and Saudi Arabia.

That journalists and media entities have become the victims of attacks is underscored by their ability to offer unique access and information, making them lucrative targets for intelligence gathering efforts.
