New cyber attack against The Washington Post

Pierluigi Paganini December 20, 2013

Security experts at Mandiant have discovered that hackers break into Washington Post servers stealing employee users credentials hashes.

Security experts at Mandiant intelligence firm have discovered a new intrusion into the network of The Washington Post, it is the third time in the last three years. In time I’m writing it is still not clear the extension of the attack neither an estimation of the losses. Mandiant reported the incident to The Washington Post this week, confirming that exposed data include employees’ credentials hash.

“Hackers broke into The Washington Post’s servers and gained access to employee user names and passwords, marking at least the third intrusion over the past three years, company officials said Wednesday.” reported a post of the news agency.

Early 2013 the New York Times has announced that during the previous months it was a victim of cyber espionage coordinated by Chinese hackers, similar attacks was conducted against principal Americans news agencies. The hackers have tried to compromise the email account of journalists to steal sensitive information, they tried to infiltrate the network of news agencies using several dozen instances of malware, as revealed by forensics analysis conducted by the Mandiant security firm. The attackers obtained password data for all of the Washington Post reporters and other employees.

the washington post

Regarding this last attack there is no evidence that subscriber information such as credit card data or home addresses was stolen neither the information of which offices of the popular media agency were impacted (e.g. Publishing system, employee e-mail databases, HR database).  The hackers in many cases targeted server used by the paper’s foreign staff to extend their operation to the entire company infrastructure.

Investigators believe the intrusion lasted at most a few days, but the news is very worrying considering that large international news organizations have become a privileged target for hacking campaigns. The Washington Post, NYT and Associated Press were subject to numerous attacks conducted by state-sponsored hackers including the popular group of hackers Syrian Electronic Army.

Waiting for more detailed results of investigation officials planned to ask all employees to change their user names and passwords on the assumption that a large number of them may have been compromised.

Pierluigi Paganini

(Security Affairs –  cyber espionage, The Washington Post)

you might also like

leave a comment