According to Threatpost, the emails—sent from breakingnews[@]mail[dot]cnn[dot]com—contain links to fabricated news stories that, if followed, download malicious software. The malware in these emails, once downloaded onto an unsuspecting computer, begins to download more malicious software.
It is not clear what, exactly, that malware is designed to do.
One such email, posted by the Kaspersky Lab, included an article pretending to be written by CNN journalist Casey Wian. The headline read, “The United States began bombing!”. The story was dated August 14, 2013.
Oddly, the email included a error-riddled summary of the article: “Pentagon officials said that the United Stated launched the first strikes against Syria. It was dropped about 15 bomn on stalitsu syria Demascus.”
Email screenshot via Kaspersky Lab/Securelist
The SEA has a long history of launching attacks on western media outlets. Earlier this year they hacked the New York Times, and Twitter, as well as the Daily Dot.
In the past, these SEA targets have drawn the group’s ire by reporting negatively on the Assad regime and its actions during the Syrian Civil War. The motivation behind this particular SEA attack is less clear.
Photo by D. Miller/Flickr