Problem:
Beyond targeting, we also saw summaries of media events or reporting in decoy documents, particularly around press releases related to government or military updates. It appears that APT30 could plausibly be targeting press attachés in order to obtain access to their contacts, which would presumably include the contact information of other public affairs personnel or other journalists of interest to target. Targeting press attachés would enable APT30 to target journalists from a trusted source, which would be an excellent resource for spear phishing. Was the disclosure made with transparency? Do you feel the organization acted ethically? Why or why not?