Hackers in China, Iran and Turkey are using new tactics, including posing as Twitter employees and journalists, in their latest attempts to breach victims’ devices, according to a new cybersecurity study.
The report shows how governments around the world are responding to rising political tensions by ramping up unconventional hacking campaigns.
In one instance, hackers in Turkey created fake messages from Twitter in an attempt to hijack users’ accounts, according to a study by security software company Proofpoint.
The messages informed victims that their accounts had seen a “new login” in Moscow, Russia and urged them to click a link to change their passwords. The hackers took over the accounts of users who clicked on the link and entered their account information.
According to the study, hackers in Turkey have mainly targeted journalists with this technique to steal their social media accounts.
In another tactic, Iranian hackers are creating “reporter personalities” in attempts to breach the email accounts of academics and Middle East policy experts.
“My name is Amy Duncan and I am a senior reporter at Metro newspaper,” reads an email that was sent to an academic who specializes in Iran. “I would be most grateful if I could do an interview with you.”
The fake reporter then sent several follow-up emails, including a video call invitation, with a link that redirected to a password-harvesting website.
Iranian hackers also posed as journalists for Fox News, The Guardian and UK news site iNews, according to Proofpoint.
Other recent hacking campaigns have focused on hacking the accounts of journalists themselves.
After the Capitol riots in January 2021, Chinese hackers blanketed White House reporters and other US politics reporters with phishing emails in an attempt to breach their accounts. Later that year, he shifted his focus to journalists covering cyber security, surveillance and privacy issues – particularly those who write about China, according to Proofpoint.
According to the report, before Russia’s invasion of Ukraine, Chinese hackers turned their attention to journalists covering US and European national security.
Employees of the New York Post and Wall Street Journal were targeted in an apparent Chinese intelligence-gathering campaign, parent company News Corp said in February.
The report said North Korean hackers have also targeted American journalists using fake job listings.
“As far as attempts to manipulate public perceptions with the intent of gathering sensitive information, the knowledge and access that a journalist or news outlet can provide is unparalleled in a public space,” wrote the Proofpoint researchers. “Targeting the media area also reduces the risk of failure or discovery” [hacker] more stringent targets of interest, such as government entities, than one after the other.”