

North Korea is suspected to be behind a malware attack that delayed the printing of several major U.S. newspapers on Saturday morning.
The malware attack, believed to have involved a version of the Ryuk ransomware family that crippled a North Carolina water utility in October, struck printing centers operated by Tribune Publishing and the Los Angeles Times.
Along with the Los Angeles Times, other newspapers affected by the outage, which prevented on-time delivery of Saturday newspapers, included the San Diego Union-Tribune and the West Coast editions of the New York Times and the Wall Street Journal.
The print editions of the Chicago Tribune, Lake County News-Sun, Post-Tribune, Hartford Courant, Baltimore Sun, Capital Gazette and Carroll County Times were also published on Saturday without paid death notices and classified ads because of the malware attack.
“We believe the intention of the attack was to disable infrastructure, more specifically servers, as opposed to looking to steal information,” an anonymous source told the Los Angeles Times.
Separately, Tribune Publishing said in a statement that “the personal data of our subscribers, online users, and advertising clients has not been compromised. We apologize for any inconvenience and thank our readers and advertising partners for their patience as we investigate the situation.”
Although the Times states only that it believes the attack was “carried out by a foreign state or some other entity,” the use of Ryuk points to the infamous Lazarus Group, a hacking team sponsored by the North Korean government, as the likely attacker. Ryuk was first detected in the wild in mid-August and infected several organizations in the U.S.
At the time, Ryuk would encrypt files on a targeted network, then demand payment of between five and 50 bitcoin to decrypt the files. Where Ryuk differed, however, was that every infection recorded at the time was a highly targeted attack; that is, there wasn’t one case of accidental infection.
Why the Lazarus Group and/or North Korea would target the printing presses of legacy media is unknown, but as Axios pointed out, the newspaper hack is a reminder that all infrastructure in the U.S. is vulnerable.