A cyber incident involving the defacement of numerous local and regional British newspaper websites by a group proclaiming themselves as “first-class Russian hackers” has raised concerns about the cybersecurity of media outlets in the United Kingdom. The group targeted titles owned by Newsquest Media Group, publishing a breaking news story titled “PERVOKLASSNIY RUSSIAN HACKERS ATTACK” on these sites. While there is no evidence to suggest that the hackers were actually Russian, the extent of the breach across multiple Newsquest titles indicates a potential compromise of a central or shared content management system.

The news story published by the hackers did not contain any text, but rather featured the name of the group in capital letters, a logo, and a byline attributed to “Дэниел Хопкинс” in Cyrillic alphabet, which translates to “Daniel Hopkins” in English. This incident highlights the vulnerability of local media groups in the face of cyber threats, especially with an expected election in the UK later this year.

Cyber incidents affecting media outlets have been associated with Russian and Belarusian threat actors in the past, particularly a group known as Ghostwriter. These threat actors have been observed publishing false stories to fuel tensions, and their tactics often involve targeting journalists with spearphishing emails to gain access to content management systems. Ghostwriter has previously targeted Ukrainian military personnel and Poland’s government services, engaging in phishing operations to steal login credentials, compromise websites, and distribute malware.

The incident involving the defacement of Newsquest websites adds to a growing trend of malicious activities targeting legitimate news sites for information operations. In a previous incident, a Czech news service’s website was hacked, and a false story was published falsely claiming an assassination attempt against the newly elected Slovak president by Ukrainian officials. This incident exemplifies the potential impact of false information spread through compromised media outlets.

While there are numerous search results for the “PERVOKLASSNIY RUSSIAN HACKERS ATTACK” on Newsquest titles, none of these stories remain live on the websites. It is unclear if all of Newsquest’s titles were affected by the cyber breach, as the company has not issued a statement regarding the incident. This breach underscores the importance of robust cybersecurity measures for media organizations to protect against cyber threats and safeguard the integrity of their platforms.

As the threat landscape continues to evolve, local media groups in the UK must remain vigilant and enhance their cybersecurity defenses to prevent future incidents of cyber intrusion. The publication of false stories on compromised news sites undermines the trust and credibility of media outlets, highlighting the need for proactive measures to combat cyber threats and maintain the integrity of journalism in the digital age.

Source link