Hackers working for the Russian government sent a barrage of targeted phishing emails between 2014 and 2016 to employees of major news outlets, and they focused particularly on Al Jazeera in the days before and shortly following the U.S. presidential election, according to new research by cybersecurity firm Trend Micro. It’s unclear exactly why the elite team of hackers — known as APT-28, Fancy Bear or Pawn Storm — focused so heavily on the Qatar-based, state-funded global broadcaster during that short window. Like other news agencies targeted over the longer two-year span, including the New York Times and Buzzfeed, the award-winning outlet covered the election in detail and dedicated a section of its website to election-night coverage.
Trend Micro’s Forward-looking Threat Research, or FTR, team said staff at Al Jazeera were repeatedly sent phishing emails with deceptive links, including “account-aljazeera.net” and “sset-aljazeera.net.” The subject line for some emails sent by the hacking group include “News: Yemen air strikes kill 23 in factory: residents” and “News: Tragedy in Nepal.”
“Pawn Storm often uses the exact same headlines [in phishing attacks] from recent news reports seen on media sites like CNN, Al Jazeera, Huffington Post, Military Times and many others,” the report reads.
Al Jazeera representatives did not respond to CyberScoop inquiry concerning the findings of TrendMicro’s research report. The outlet had shut down its U.S.-based news team several months prior to the targeting dates listed by Trend Micro.