China-backed hackers targeted White House journalists before January 6


Researchers at cybersecurity company Proofpoint said they have observed the China-backed advanced persistent threat group, TA412, also known as Zirconium, engaging in several reconnaissance phishing campaigns since early last year.
Proofpoint says it witnessed five separate phishing campaigns in January and February 2021 targeting U.S.-based journalists, notably those covering U.S. politics and national security. However, the researchers noted a “very abrupt shift in targeting of reconnaissance phishing” in the days leading up to the January 6 attack on the U.S. Capitol, with the hackers focusing on Washington, D.C. and White House correspondents.
The China-backed hackers utilized subject lines pulled from recent U.S. news articles, such as “Jobless Benefits Run Out as Trump Resists Signing Relief Bill,” “US issues Russia threat to China” and “Trump Call to Georgia Official Might Violate State and Federal Law,” according to the researchers.
Then, months later in August 2021, Zirconium turned its attention to journalists working o …
