Hackers claiming to represent the pro-Assad hacktivist collective Syrian Electronic Army (SEA) have conducted a multi-targeted attack against a number of US media outlets using a previously unknown security flaw.
The SEA is believed to have breached the security of content recommendation firm Outbrain, which pushes recommendations to those sites. When readers of the Washington Post and Time websites clicked on linked content from Outbrain, some customers were redirected to the SEA's website. CNN International, meanwhile, was defaced and displayed the headline "Hacked by SEA" for a time.
The SEA, since its founding in May 2011, has regularly attacked news outlets that it believes have published negative news about president Assad, including BBC News, Al Jazeera and the Associated Press (AP).
The organisation also successfully took over the AP twitter feed in April 2013, falsely reporting a bomb had exploded at the White House and Barack Obama had been injured.
In a blog post, Outbrain's co-founder and CEO, Yaron Galai, said the organisation had been a victim of a "social engineering attack" by the SEA.
"On the evening of August 14th, a phishing email was sent to all employees at Outbrain purporting to be from Outbrain's CEO. It led to a page asking Outbrain employees to input their credentials to see the information,"he said.
"Once an employee had revealed their information, the hackers were able to infiltrate our email systems and identify other credentials for accessing some of our internal systems."
Outbrain said late in the evening on 15 August that its network had been secured and full service resumed at approximately 1.00am on 16 August.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Twitter API keys found leaked in over 3,200 apps, raising concerns for linked accountsNews Business and verified Twitter accounts linked to affected apps are at risk of takeover, use in malicious campaigns
-
The Twitter hack, and why we need a better class of criminalOpinion The bitcoin scammers’ biggest crime isn’t fraud - it’s lack of imagination
-
Media and telco consortium calls for social media regulationNews Companies including Channel 4, BT and the BBC urge the government to place firms like Facebook under greater oversight
-
Twitter alerts users after squashing password revealing internal bugNews The company is advising users to reset their passwords 'in the interests of caution'
-
Twitter freezes accounts in the wake of password leakNews Company requests password resets as security measure
-
Twitter blocks US intelligence agencies from Dataminr alerts
News Social media service has alerted US government of terror attacks before news media
-
Twitter will warn you of state-sponsored attacksNews Social network follows in the footsteps of Facebook by alerting users targeted by governments
-
Virginia shooting - don't open that link!Opinion Scammers and cyber criminals love to capitalise on tragedy, and we can't help but click
