Government-sponsored hackers from China, Turkey, Iran, and North Korea have been working to gain access to news media networks by surveilling and impersonating reporters, according to cybersecurity firm Proofpoint.
In a report released Thursday, the company reveals that state-backed hackers targeted journalists in a variety of ways, including using phishing emails to access their work emails, social media accounts, and networks.
The report also indicated that government hackers regularly impersonate media members because of the "unique access and information they can provide" to the governments of the countries they are working for.
"A well-timed, successful attack on a journalist's email account could provide insights into sensitive, budding stories, and source identification," the report said.
Since early last year, Chinese-aligned hackers have primarily targeted U.S.-based reporters covering politics and national security and attempted to gain access with phishing attacks.
The malicious emails would have subject lines that reference recent U.S. news, such as "US issues Russia threat to China," and "Jobless benefits run out as Trump resists signing relief bill."
According to the report, there also seemed to be an uptick of attacks during events that gained international attention, such as the Jan. 6 breach of the U.S. Capitol.
Proofpoint also found similar state-sponsored operations in Turkey, Iran, and North Korea.
In Turkey, the report's authors found that hackers have been targeting the Twitter accounts of anyone writing for an academic institution or a news media outlet since the beginning of this year.
Hackers in Iran would pretend to be reporters to gain access to media networks and would reach out to sources directly who have knowledge of foreign policy in the Middle East.
"The threat actor uses these personas to engage in benign conversations with targets, which consist mostly of academics and policy experts working on Middle Eastern foreign affairs," the report said.
As state-sponsored cyberattacks are likely to continue in an effort to access sensitive information and manipulate the public consciousness, the report's authors warned journalists to protect their sources and themselves.
"The varied approaches by APT [advanced persistent threat] actors — using web beacons for reconnaissance, credential harvesting, and sending malware to gain a foothold in a recipient's network — means those operating in the media space need to stay vigilant," the report said. "Assessing one's personal level of risk can give an individual a good sense of the odds they will end up as a target."
"In an era of digital dependency, the media, like the rest of us, is vulnerable to a variety of cyberthreats [and] some of the most potentially impactful are those stemming from [state-sponsored] actors," Sherrod DeGrippo, vice president of threat research and detection at Proofpoint told The Hill.