Analysis of data provided by a US cybersecurity firm shows Russian hackers tried to access the email inboxes of at least 200 reporters around the world.
Russian hackers pursued journalists with the same gusto as when they went after US politicians and intelligence figures, an Associated Press investigation has found.
The espionage group known as Fancy Bear tried to break into Gmail inboxes of at least 200 reporters, publishers and bloggers as early as mid-2014 and as recently as a few months ago, according to an analysis of data supplied by the cybersecurity firm Secureworks and interviews with more than 40 journalists.
The list provides a map of the media outlets that regularly draw the Kremlin's ire.
"These are journalists that bother them," said Natalia Gevorkyan, a Russian columnist who reviewed the data.
Gevorkyan, the author of a book on Russian intelligence, said the hacking campaign appeared geared to collecting private emails, "which they can use as leverage for later".
The list provides new evidence for the US intelligence community's conclusion that Fancy Bear - which Secureworks calls Iron Twilight - acted on behalf of the Russian government when it intervened in the US presidential election, a charge the Kremlin denies.
It also provides a kind of Who's Who of Russia reporting and independent journalism, covering Washington, Moscow, Ukraine, the Baltics and elsewhere in the post-Soviet sphere.
The hackers pursued more journalists than any other group of targets identified by the AP, except for diplomatic personnel and US Democrats.
New York Times journalist among those targeted
The list includes roughly 50 foreign correspondents based in Moscow or Russian reporters ranging from bloggers in provincial cities to high-profile Moscow television stars like Ksenia Sobchak, who is mounting a longshot bid for the presidency.
The former New York Times Moscow bureau chief, Ellen Barry, was among the targets. Fancy Bear tried to send phishing emails to roughly 50 of Barry's colleagues at The Times in late 2014, according to two people familiar with the matter.
Eliot Higgins, whose open source journalism site Bellingcat was repeatedly targeted by Fancy Bear beginning in early 2015, said the phishing attempts seemed to begin "once we started really making strong statements about MH17", the Malaysian airliner shot out of the sky over eastern Ukraine.
Bellingcat played a key role in marshalling the evidence that the plane was destroyed by a Russian missile, Moscow's denials notwithstanding.
The clearest timing may be that of writer Adrian Chen, who has often covered the darker reaches of the internet.
On June 2, 2015, Chen published a prescient expose of the Internet Research Agency, the Russian "troll factory" that won fresh infamy in October over revelations that it had manufactured make-believe Americans to pollute social media with partisan rhetoric ahead of the 2016 election.
Eight days after Chen published his big story, Fancy Bear tried to break into his account.
Chen said he wasn't worried for himself. But he sympathised with the hurt and humiliation that leaks can visit on their victims.
"I've covered a lot of these leaks," he said. "I've seen what they could do."