Too soon to attribute cyberattack that disrupted U.S. newspapers, researchers say
It’s too soon to tell whether North Korean hackers were responsible for a cyberattack that prevented multiple major U.S. newspapers from delivering weekend editions on time.
The attack last week against the Tribune Company disrupted printing operations at papers including the Los Angeles Times, the San Diego Union-Tribune, the New York Times and the Wall Street Journal. Several sources told the Los Angeles Times the attack appeared to be caused by Ryuk, a type of ransomware with low technical capabilities. Ryuk has infected hundreds of computers at multiple companies, according to researchers from security vendor Check Point.
While Ryuk shares attributes with the Hermes malware, which is often attributed to suspected North Korean hackers known as the Lazarus Group, researchers say that doesn’t mean Pyongyang has launched a digital assault against U.S. press institutions. “The style of this attack fits the pattern of a lot of different groups at this point,” Robert M. Lee, CEO of the industrial cybersecurity company Dragos, told CyberScoop in an email. “This complicates the attribution claims of course and at this point any claims of attribution simply are too early.”