Media agencies are increasingly facing threats of cyberattacks not just by hit-and-run threat actors but also sophisticated and well-skilled state-sponsored APT groups. Attackers are using several attack vectors, such as theft of data, ransomware, and phishing. Recently, the Funke Media Group was hit by a massive cyberattack.
What has happened?
In the last two months alone, several media agencies around the world have been targeted.
- These attacks on media agencies were found to be located in Western Europe, Southeast Asia, and North America. The majority of agencies were located in Europe.
- Targeted organizations include Al Jazeera, Radio Azzurra, Ritzau, Union of Catholic Asian News, Groupe Ouest-France, and Rossel La Voix Group, among others.
The Chinese state-sponsored APT group Mustang Panda was found using a new variant of PlugX malware. The attackers leveraged a spoofed email header imitating journalists from the Union of Catholic Asia News in spear-phishing messages.
- Monarchy, Sneaky Kestrel, Center-1, Center-2 (having links with the UAE and Saudi Arabia) used specialized malware (Pegasus and Kismet) to steal sensitive information for espionage purposes.
- In addition, some of the attackers were observed to be using ransomware attacks to disrupt media agencies (such as Paris Normandy and Banijay Group) and ask for ransom.
- In the recent Funke Media Group attack, attackers sent phishing emails with attachments containing malicious code, which were downloaded by employees of the organization.
The large attack surface of media agencies is making it harder for them to overcome such frequent ongoing cyber attacks. Therefore, experts recommend media agencies to monitor and protect all digital and social platforms. In addition, they suggest partnering up with digital security experts and educating individuals on the risks involved.