Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Media Firm. Show all posts

A Cyber-Attack has Disrupted Slovenia's Most Popular TV Channel

 

In what appears to be an extortion attempt, a cyber-attack has crippled the operations of Pop TV, Slovenia's most popular TV channel. The attack, which occurred on Tuesday, disrupted Pop TV's computer network, preventing the firm from displaying computer graphics for the evening edition of 24UR, the station's daily news broadcast. 

Pop TV said in a statement on Tuesday, the day of the attack, that the night edition of the same show was canceled entirely, albeit a truncated version of the news appeared on the company's website. While news broadcasts were resumed the following day, the attack had an impact on other aspects of the network's operation. 

"At Pro plus media house, we are rebuilding a business that has been disrupted by a recent cyber-attack. We cannot yet estimate the full extent of the attack, we are currently focusing all our efforts on putting our main systems back into their original operation as soon as possible, which will enable the smooth operation of television programs and websites," the company said. 

Pop TV stated in a second statement on Wednesday that the attack also targeted several of its online servers, including VOYO, an on-demand streaming platform that includes channels from its parent firm as well as licensed movies and TV shows. The attack, according to the firm, stopped its employees from contributing new content to the site as well as broadcasting any of its channels or live sporting events, such as the Winter Olympics, which enraged many of its paid users. 

According to the Slovenian news outlet Zurnal24, Pop TV is being extorted by international hackers in what looks to be a ransomware-style attack. Slovenia's Computer Emergency Response Team, SI-CERT, also published a statement, saying that it was assisting the TV station in dealing with the incident but refused to provide any further insights.

Several prominent TV stations have been targeted by cyber-attacks in recent years, including France's M6 (October 2019), The Weather Channel (April 2019), the Cox Media Group (June 2021), the Sinclair Broadcast Group in the United States (October 2021), Portugal's SIC (January 2021), and Iran's IRIB (February 2021). 

With the exception of the IRIB incident, most of these were ransomware assaults on the stations' backend IT infrastructure, causing broadcasts to go offline for hours while engineers worked to restore systems, implying that Pop TV got off easier than the majority of the previous incidents.

Lapsus$ Ransomware Gang Hacked Portugal's Largest Media Conglomerate

 

The Lapsus$ ransomware group has compromised and is actively extorting Impresa, Portugal's largest media conglomerate and owner of SIC and Expresso, the country's leading TV channel and a weekly newspaper, respectively. The attack occurred during the New Year's holiday and targeted the company's online IT server infrastructure. Impresa, Expresso, and all SIC TV channels' websites are presently offline. National airwave and cable TV broadcasts are unaffected, however, the attack has disabled SIC's internet streaming capability. 

Both the Expresso newspaper and the SIC TV station stated that they had reported the incident to the PJ criminal investigation police agency and the National Cybersecurity Centre (CNCS) and would file a complaint. The claimed hackers posted a message on the websites threatening to reveal internal data if the media firm did not pay a ransom. The message includes contact information for e-mail and Telegram. 

The Lapsus$ group claimed responsibility for the attack by displaying a ransom letter on all of Impresa's websites. In addition to a ransom demand, the message says that the organization has gained access to Impresa's Amazon Web Services account. When all of the sites were put into maintenance mode on Monday, Impresa workers looked to have regained control of this account, but the attackers promptly tweeted using Expresso's verified Twitter account to demonstrate that they still had access to company resources. 

Lino Santos, CNCS's coordinator, informed the Observador newspaper that this was the group's first attack in the country. In the meantime, both media outlets are disseminating news pieces via their social media networks. It was an "unprecedented attack on press freedom in the digital age," they said. 

The Impresa hack is among the most significant cybersecurity events in Portugal's history. Impresa is by far the largest media group in the country. According to September 2021 TV ratings, SIC and all of its secondary channels lead the TV market, while Expresso has the highest weekly periodical circulation numbers. Nonetheless, Impresa owns a slew of other media organizations and periodicals, all of which are likely to be impacted by the attack.

Before the Impresa attack, the Lapsus$ group hacked and ransomed the Ministry of Health of Brazil, as well as Claro and Embratel, two South American telecommunications firms. This is the second ransom attack on a media conglomerate during the holiday season, following the Ryuk gang's December 2018 attack on Tribune Publishing, owner of the Los Angeles Times.

Cyberattack Halts Operations at Norway's Largest Publisher Amedia

 

Amedia, one of the largest media firms in Norway, announced on Tuesday that it fell victim to a cyberattack that forced it to shut down multiple computer systems. 

The company publishes more than 70 newspapers for 2.5 million Norwegians and the attack prevented the firm from printing Wednesday’s edition of physical newspapers. The hack also impacted the company’s advertising and subscription systems, restricting advertisers from purchasing new ads and stopping subscribers from ordering or canceling subscriptions. 

The company has not provided clarification on the extent of the breach. Hence, it remains unclear if subscribers’ and employees’ credentials and private details were compromised. The subscriber data contains names, addresses, phone numbers, and the subscription history of customers while employee data includes employment conditions/agreements, Social Security numbers, and salaries.

“We are in the process of gaining an overview of the situation, but do not yet know the full potential for damage. We have already implemented comprehensive measures to limit the damage and to restore normal operations as quickly as possible,” said Executive Vice President of Technology, Pål Nedregotten in a translated statement on the company’s website. 

“Amedia now works on the basis that customer data can be compromised. If personal information has gone astray, those affected will be informed as soon as possible. This will apply to both customers and employees. In such a case, the Data Inspectorate will be notified of what has happened and how we work with mitigating measures,” Nedregotten added.

The company also did not mention the vulnerability exploited. A Twitter user who claims to be a security researcher from Norway says the attacker exploited CVE-2021-1675 - the PrintNighmare vulnerability - to gain initial access and for subsequent lateral movement. 

The attack on Amedia is the third major Norwegian cyberattack reported over the last several days. Nortura, one of the country’s leading food producers, revealed on December 21 that it was forced to shut down its IT systems after suffering a cyberattack at multiple factories. The company said it is investigating the incident with help from the police, and that it is focusing on minimizing damage to systems and operations.