A report by Proofpoint revealed that nation-state actors are implementing unique techniques and tactics to conduct data breaches and extort targets. This time, several Turkish-, Chinese-, and Iranian-affiliated hackers are employing clever Twitter schemes to target journalists. These threat actors have engaged in social engineering tactics, including posing as journalists and Twitter employees.

Chinese hackers

  • A Chinese threat actor, dubbed Zirconium or TA412, has been targeting U.S. journalists since early 2021.
  • Another group, named TA459, targeted media personnel with emails that spread the Chinoxy malware.
  • The attackers are targeting the media sector since the risk of failure is moderately low.

Iranian hackers

  • APT35, aka Charming Kitten and Phosphorus, created reporter personas to breach the email accounts of foreign affairs policy experts from the Middle East. 
  • The group, furthermore, targeted academics. 
  • The group posed as journalists from renowned news outlets, including iNews, The Guardian, and Fox News.

Turkish hackers

  • Turkey-based TA482 sends phishing emails to infect the networks of its targets, primarily comprising U.S. media outlets and journalists. 
  • The aim is to steal the targets’ social media accounts. In one such case, the attackers used fake Twitter messages.

More Twitter scams

  • Verified Twitter accounts were the subject of phishing attacks earlier this month. The fraudsters sent direct messages to the accounts, claiming that their accounts were flagged due to hate speech.
  • The British Army’s Twitter and YouTube accounts were hacked and spotted promoting fake NFT and crypto giveaway schemes.

The bottom line

As people get more active on social media, so do threat actors. Hence, it is imperative that the risks are evaluated properly. Phishing techniques evolve regularly and social engineering plays a huge role in tricking targets. It is, therefore, crucial that users think carefully before acting on any such schemes. From a technical perspective, enable MFA and review the third parties that have access to your social media accounts.
Cyware Publisher