Last week, a cybercriminal group claiming to be a sophisticated Russian-backed hacking group defaced the websites of hundreds of local and regional British newspapers, including Newsquest Media.
The gang posted a breaking news headline, “PERVOKLASSNIY RUSSIAN HACKERS ATTACK”, on the websites of Newsquest Media. However, there is no evidence that the article appeared in the publisher’s print editions.
Based on reports, the attackers affected numerous Newsquest titles, suggesting that they compromised a central or shared content management system. Still, there is no evidence that the hackers were Russian, so researchers cannot attribute the activity to a specific country.
However, cybercriminal activities affecting media outlets have recently been attributed to Russian and Belarusian threat actors. As of now, one of the most prevalent threat actors carrying out such activities is Ghostwriter, since a recent analysis detected this group posting bogus reports to inflame tensions.
The attacks on Newsquest Media did not display anything threatening, but they still caused a huge disruption.
According to an archived version of the East Lothian Courier, the news published across Newsquest Media sites did not include any text. Instead, it included the group’s purported name in capital letters, a logo, and a byline given to “Дэниел Хопкинc” in the Cyrillic alphabet, or “Daniel Hopkins” in English.
Newsquest is the United Kingdom’s second-largest publisher of local newspapers, with over 250 local news brands and periodicals. Currently, initial research into the disruptions has not been clear about how they affected Newsquest’s titles, and the company has yet to release a statement that addresses the concerns regarding the incident.
Furthermore, the incident may raise concerns about the cybersecurity of local media organisations in the United Kingdom since the election season is fast approaching.
On the other hand, a researcher previously classified the distribution of fake reports on hacked genuine news sites as information operations, linking it to a notorious group of hackers affiliated with the Belarusian government.
The group, also known as Ghostwriter, UNC1151, and Storm-0257, is notorious for sending spearphishing emails to journalists in an attempt to acquire access to their organisations’ content management systems.
These campaigns will likely continue this year, as the threat actors could be driven by various illicit motives, such as espionage and misinformation. Therefore, entities in a similar industry should be on the lookout for such activities.