A cybersecurity firm says that Chinese government-linked hackers targeted journalists based in Washington and those covering the White House in the weeks after President Joe Biden’s 2020 victory over former President Donald Trump.
Proofpoint, a cybersecurity research firm, said in a Thursday report that its researchers identified five campaigns by a Chinese hacker group targeting U.S.-based journalists between January and February 2021, “most notably those covering US politics and national security during events that gained international attention.” Proofpoint said that “of note a very abrupt shift in targeting of reconnaissance phishing occurred in the days immediately preceding” the Capitol riot, when “Proofpoint researchers observed a focus on Washington DC and White House correspondents during this time.”
Biden defeated Trump in the presidential election, winning 306 Electoral College votes to Trump’s 232. The Capitol riot occurred as Congress was certifying Biden’s win over Trump on Jan. 6, 2021. There is a dispute within the intelligence community over whether the Chinese government made no attempt to influence the 2020 election or took steps to undermine Trump.
Proofpoint said that the “malicious emails” from the Chinese hackers “utilized subject lines pulled from recent US news articles,” including the apparent New York Times headline “Trump Call to Georgia Official Might Violate State and Federal Law” in early January 2021 and what appeared to be the Kremlin state-run Russia Today headline “US issues Russia threat to China” in early February 2021.
“The campaigns by TA412 and their ilk evolved over the course of months, adjusting lures to best fit the current US political environment and switching to target US-based journalists focused on different areas of interest to the Chinese government,” Proofpoint said. “The campaigns which targeted journalists were part of a broader pattern of reconnaissance phishing conducted by this threat actor over many years.”
The cybersecurity firm said that the Chinese hacker group “has engaged in numerous reconnaissance phishing campaigns targeting US-based journalists … since early 2021.” The Chinese hacker group, known by Proofpoint as TA412 and dubbed Zirconium and Advanced Persistent Threat 31 by others, “is believed to be aligned with the Chinese state interest and to have strategic espionage objectives” and “has favored using malicious emails.”
Proofpoint said the “data since early 2021 shows a sustained effort by APT actors worldwide attempting to target or leverage journalists and media personas in a variety of campaigns, including those well-timed to sensitive political events in the United States” and that “targeting journalists’ work email accounts is by far the most seen locus of attack used by APT actors against this target set.”
Microsoft had warned in September 2020 that this same Chinese hacker group “appears to have indirectly and unsuccessfully targeted the Joe Biden for President campaign” and “has also targeted at least one prominent individual formerly associated with the Trump Administration.” Google said in October 2020 that the Chinese hackers “targeted campaign staffers’ personal emails with credential phishing emails and emails containing tracking links.”
Last year, the United States and its allies blamed China’s Ministry of State Security for the massive hack against Microsoft in 2021, with the Justice Department also charging members of the Chinese intelligence agency over a separate global espionage campaign.
Proofpoint’s new report also said that “after a months-long break,” the Chinese hacker group “again turned to targeting journalists, but this time those working cybersecurity, surveillance, and privacy issues with a focus on China” in August 2021.
The cybersecurity firm said that after another pause, its researchers “identified a resumption of targeting this sector” in early February 2022 and that the Chinese hacker campaigns “indicated a desire to collect on US-based media organizations and contributors with a focus on those reporting on US and European engagement in the anticipated Russia-Ukraine war.”
A Chinese state-owned company was recently accused by the Commerce Department of aiding Russia’s military during its war against Ukraine — but the Biden administration insists it hasn’t seen China provide military equipment to the Kremlin.
Russian leader Vladimir Putin and Chinese leader Xi Jinping announced their “no limits” partnership at the start of the Beijing Olympics in February, and Russia invaded Ukraine later that month.