More than 250 regional and national US newspaper sites have fallen victim to a supply chain attack and are now spreading malware to their readers.
Researchers from the cybersecurity company Proofpoint discovered a malware distribution campaign, deployed by a threat actor tracked as TA569, that targeted a media company in the US which owns hundreds of websites belonging to various newspapers.
The media company in question is a firm that provides both video content and advertising to major news outlets. [It] serves many different companies in different markets across the United States.
A report released in August determined that there have been 25,000 sites infected with the malware since January 2022 and 61,000 infected sites in 2021.
Ties to Ransomware Attacks
According to BleepingComputer, Proofpoint has observed previous SocGholish campaigns using fake updates and website redirects to deploy ransomware payloads. The suspicion that Evil Corp might be responsible is not so far-fetched, since the cybercrime gang also used SocGholish in a similar campaign that targeted the employees of more than 30 major U.S. private firms with fake software update alerts delivered via dozens of compromised U.S. newspaper websites.