“Sophisticated” New York Times attack targeted Australian domain name firm

The website of the New York Times briefly disappeared this week, replaced by a banner saying, “Hacked by Syrian Electronic Army” – victim of an attack described as “sophisticated”. Twitter and the Huffington Post were also briefly affected.

The attack was announced in a Tweet at 4.30pm Eastern Time, saying that the site was “experiencing technical difficulties.” Ellen Murphy, the vice president of corporate communications for the NYT said via Twitter that the “issue is most likely the result of malicious external attack.”

Attacks also affected the websites of Twitter and the Huffington Post UK, which briefly experienced difficulties loading. The Whois database listings for all three sites were altered, with links to Syrian Electronic Army’s sites, according to IT ProPortal.

The hacktivist group Syrian Electronic Army claimed responsibility for the attacks in a series of Tweets on its official account, posting Tweets saying, “Media is going down,” and discussing the possibility of redirecting all Twitter’s users to the group’s official site.

The attack targeted Melbourne IT, an Australian domain name registrar. A spokesman for Melbourne IT said that a reseller’s username and password allowed attackers to access domain names on that reseller’s account, according to ITV News.

The breach originated at an Indian Internet service provider, according to Reuters. Two staff members from a reseller opened a phishing email. One of these staff was the direct manager of the NYTimes domain, and had their passwords in his email.

“The SEA went after the company specifically to create a high-profile event,” Melbourne IT CEO Theo Hnarakis said in an interview with Reuters. “This was quite a sophisticated attack.”

The group has claimed responsibility for a series of high-profile hacks against media organizations and messaging apps over the past few months, with hacks targeting the Thomson Reuters, the Financial Times, CBS and chat apps such as Tango and Viber.

Previous attacks have compromised blog pages and app pages on Google Play, as well as leaking customer information and compromising official corporate Twitter feeds.

In the wake of attacks earlier this year, Twitter sent out an email to media groups saying, “We believe that these attacks will continue, and that news and media organizations will continue to be high value targets to hackers.”

Author , We Live Security

Follow us

Copyright © 2017 ESET, All Rights Reserved.