A BBC cybersecurity correspondent revealed he was targeted by a threat actor claiming to represent the Medusa ransomware gang. The criminal, who called himself “Syndicate,” or “Syn” for short, contacted the journalist via Signal in July. Syn’s initial offer was a 15% cut of a potential ransom if the correspondent would provide access to the British broadcaster’s network. The criminal then tried to raise the offer to 25%, enticing the journalist with the prospect of a multi-million dollar payoff.
According to the journalist, the hackers’ plan was to use his company laptop as a backdoor into the BBC’s internal network. Once inside, they intended to steal valuable data and demand a ransom from the organization. The hackers promised the reporter a significant payout if their plan succeeded, with the potential ransom running into the tens of millions of dollars. The reporter would, in effect, become an accomplice in the cyberattack, providing the initial access for the threat actors to carry out their scheme.
The ransomware gang’s attempts to recruit the journalist as an insider threat were persistent. The criminal handler, “Syn,” emphasized the potential for a massive payout, suggesting the journalist could become so wealthy from the ransom cut that he might never need to work again. This strategy, known as an insider threat recruitment scheme, is a common tactic used by ransomware groups to gain a foothold inside a target organization.
The targeting of a journalist with access to a major news organization’s systems highlights a growing trend in cybercrime. Threat actors are increasingly turning to social engineering and human vulnerabilities to bypass traditional security defenses. By appealing to financial gain, they aim to turn employees into unwitting or willing collaborators. The case shows that no one, not even a cybersecurity expert, is immune to these sophisticated and often personalized attacks.
Ultimately, the journalist did not comply with the hackers’ demands and instead chose to expose the attempted recruitment. This decision not only thwarted the potential attack on the BBC but also served as a warning to others about the evolving methods of cybercriminals. The incident underscores the critical importance of human vigilance in the face of persistent and cunning cyber threats. It also serves as a reminder that the first line of defense against cyberattacks is often the awareness and integrity of an organization’s employees.
Reference:
