Proofpoint: Journalists Wear a Bull’s Eye instead of a Shirt with Ink Stained Cuffs
July 19, 2022
Proofpoint is a cyber security firm. The company published an interesting blog essay called “Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media.” The write up presents allegedly accurate information that a number of nation states are targeting journalists. This makes sense because some journalists are, in effect, crime and intelligence analysts at heart. Their methods are often similar to those used as certain government organizations.
Is this a new insight from the world’s intelligence professionals? I don’t think so.
The write up states:
Journalists and media organizations are well sought-after targets with Proofpoint researchers observing APT actors, specifically those that are state-sponsored or state-aligned, routinely masquerading as or targeting journalists and media organizations because of the unique access and information they can provide. The media sector and those that work within it can open doors that others cannot. A well-timed, successful attack on a journalist’s email account could provide insights into sensitive, budding stories and source identification. A compromised account could be used to spread disinformation or pro-state propaganda, provide disinformation during times of war or pandemic, or be used to influence a politically charged atmosphere. Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated import.
What nation states are allegedly targeting certain journalists? The article mentions by name these countries:
China
Iran
North Korea
Turkey (sic). The country’s new name is Türkiye
The article includes examples of the Proofpoint analysts’ identification of actions.
The write up concludes with what appears to be some free advice:
The varied approaches by APT actors—using web beacons for reconnaissance, credential harvesting, and sending malware to gain a foothold in a recipient’s network—means those operating in the media space need to stay vigilant.
Many journalists, in my experience, are unaware of the nuances of staying vigilant. Targets are targets because they can be hit. Examples of what has happened are interesting. May I suggest that journalists receive appropriate instruction when learning their craft. Instruction in vigilance may need to be upgraded or enhanced. Many journalists — particularly what I call the Silicon Valley variety — are more interested in recognition, media clout, and being visible than stepping back and asking, “Have I been targeted, played, and manipulated?”
Stephen E Arnold, July 19, 2022