Researchers with Symantec’s Threat Intelligence team who discovered these attacks confirmed – “dozens of U.S. newspaper websites owned by the same parent company have been compromised by SocGholish injected code”.
Using fake software update alerts displayed by the malicious SocGholish JavaScript-based framework, the Evil Corp gang hacked into dozens of US newspaper websites infecting employees of over 30 major US private firms.
Symantec explains, some of the organizations targeted by WastedLocker could have been compromised when an employee browsed the news on one of its websites”.
The attacks looked like a series of targeted, drive by attacks. The group used employee’s computers as a steeping point into their company’s enterprise networks.
Victims Network could be badly compromised as WastedLocker is a dangerous ransomware, capable of major disruption to operations.
The company who owns the compromised news sites was alerted and the malicious code was removed.