Journalists targeted by state-sponsored attacks



Google’s researchers have announced this week that journalists are often the target of state-sponsored government attacks. The Google security engineers report went on to state that almost all of the biggest news corporations globally have been attacked in some form or another by Government entities.

The report, publicly disclosed in the Black Hat conference in Singapore this week, went on to say that journalists have been misrepresented in the overall number of attacks against news outlets in general. An example given by the Google engineers included an attack by actors from the Chinese Government, who compromised one major news corporation in the west via a spear phishing campaign that utilised a carefully constructed questionnaire.

This research supports the journalists that have been the centre of this kind of news in recent weeks, with Google researchers stating that it is not just journalists themselves that are targets, but organisations as well. The search engine giants went on to state that news organisations may be behind the curve when it comes to information security and are just waking up to the possibility that they are being targeted by sophisticated attackers with a lot of time, resource and money on their hands.

Reports in recent weeks state that journalists and news corporations are significantly behind in terms of securing their network. For example, a recent report released by Digital Trends shows that users, and corporations, are still allowing passwords as simple as ‘123456’. It is no wonder that, in the modern day, state-sponsored actors are identifying this low hanging fruit and using it to penetrate journalists and their organisations.

It is imperative that the journalist community wake up to the threats posed by state-sponsored actors and Government organisations. Organisations need to ensure that their users are trained on the risks, to prevent a re occurrence of the phishing campaign mentioned here. Additionally, controls such as an effective access control policy should be implemented to secure user accounts from weak passwords. With these controls in place, attackers will no longer see journalists and their organisations as low hanging fruit and may move on to other targets.

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related. Follow Lee on .

Leave a Reply

Your email address will not be published. Required fields are marked *