Hackers from China, Iran and Turkey are using new tactics including posing as Twitter employees and journalists in their latest attempts to breach victims’ devices, according to a new cybersecurity study. 

The report shows how governments around the world are responding to increased political tension by ramping up unconventional hacking campaigns.

In one example, hackers from Turkey created fake messages from Twitter in an effort to hijack users’ accounts, according to the study from security software company Proofpoint. 

The messages notified victims that their accounts had seen a “New Login” in Moscow, Russia and urged them to click a link to change their passwords. Users who clicked the link and entered their account information would then have their accounts taken over by the hackers. 

The Turkish hackers have primarily targeted journalists with this technique in an effort to steal their social media accounts, according to the study. 

Twitter hack attempt
An example of a fake Twitter email that Proofpoint says was sent out by Turkish hackers.

In another tactic, Iranian hackers are creating “reporter personas” in efforts to breach the email accounts of academics and Middle East policy experts. 

“My name is Amy Duncan and I’m a senior reporter with Metro newspaper,” reads one such email that was sent to an academic who specializes in Iran. “I would be most grateful if I could have an interview with you.” 

The fake reporter then sent multiple follow-up emails, including a video call invitation with a link that redirects to a password-harvesting website. 

Hacking attempt
Iranian hackers are impersonating journalists, according to Proofpoint.

Iranian hackers have also posted as journalists from Fox News, The Guardian and UK news site iNews, according to Proofpoint. 

Other recent hacking campaigns have focused on breaching the accounts of journalists themselves. 

After the Capitol riots in January 2021, Chinese hackers blanketed White House correspondents and other US politics reporters with phishing emails in attempts to breach their accounts. Later that year, they shifted their focus to reporters covering cybersecurity, surveillance and privacy issues — especially those who write about China, according to Proofpoint. 

Ahead of Russia’s invasion of Ukraine, the Chinese hackers shifted their focus to journalists covering US and European national security, according to the report. 

Employees of the New York Post and Wall Street Journal were targeted in an apparent Chinese intelligence-gathering operation, parent company News Corp said in February.

North Korean hackers have likewise targeted US journalists using fake job listings, the report says. 

“From intentions to gather sensitive information to attempts to manipulate public perceptions, the knowledge and access that a journalist or news outlet can provide is unique in the public space,” Proofpoint’s researchers wrote. “Targeting the media sector also lowers the risk of failure or discovery to a [hacker] than going after other, more hardened targets of interest, such as government entities.”



Source link

About Author

Tyler Cowan