Hackers from China, Iran and Turkey are using new tactics including impersonating Twitter employees and journalists in their latest attempts to breach victims’ devices, according to a new cybersecurity study.
The report shows how governments around the world are responding to rising political tension by stepping up unconventional hacking campaigns.
In one example, hackers from Turkey created fake Twitter messages in an effort to hijack user accounts, according to research from security software company Proofpoint.
The messages notified victims that their accounts had seen a “New Login” in Moscow, Russia, and urged them to click a link to change their passwords. Hackers would take over the accounts of users who clicked on the link and entered their account information.
Turkish hackers have primarily targeted journalists with this technique in an effort to steal their social media accounts, according to the study.
In another tactic, Iranian hackers are creating “reporter personas” in an effort to breach the email accounts of Middle Eastern scholars and policy experts.
“My name is Amy Duncan and I am a senior reporter for the Metro newspaper,” reads one such email that was sent to an academic who specializes in Iran. “I would be very grateful if I could have an interview with you.”
The fake reporter then sent several follow-up emails, including an invitation to a video call with a link that redirects to a password collection website.
Iranian hackers have also published as journalists for Fox News, The Guardian and the UK news site iNews, according to Proofpoint.
Other recent hacking campaigns have focused on hacking into journalists’ own accounts.
After the riots on Capitol Hill in January 2021, Chinese hackers blanketed White House correspondents and other US political reporters with phishing emails in an attempt to breach their accounts. Later that year, they shifted their focus to reporters covering cybersecurity, surveillance and privacy issues, especially those writing about China, according to Proofpoint.
Before the Russian invasion of Ukraine, Chinese hackers shifted their focus to journalists covering national security in the United States and Europe, according to the report.
Employees of the New York Post and the Wall Street Journal were targeted in an apparent Chinese intelligence-gathering operation, parent company News Corp said in February.
North Korean hackers have also targeted American journalists using fake job listings, the report says.
“From intentions to collect sensitive information to attempts to manipulate public perceptions, the insight and access a journalist or media outlet can provide is unique in the public space,” the Proofpoint researchers wrote. “Targeting the media sector also reduces the risk of failure or discovery to a [hacker] than pursuing other more hard-core targets of interest, such as government entities.”