Supply Chain Malware Infects Hundreds of News Websites

Threat actors compromised the infrastructure of an unnamed media company to deploy SocGholish JavaScript malware on hundreds of newspaper websites across the U.S.

This unnamed media company provides both video and ad content to major news sites.

Proofpoint researchers are tagging this threat actor TA569 and the malware looks like browser updates with names like Chrome.Update.zip and Firefox.update.zip, among others.

These updates are fake and malicious.

In total, Proofpoint says that this malware has shown up on more that 250 news websites in the U.S.

Also consider that now that this is public, watch out for copycats. The key to this attack was compromising a (supply chain) provider that is used by a lot of companies.

In part, we have to make sure, the best we can, that users don’t fall for these attacks.

BUT, we also need to make sure that our infrastructure is more secure. Zero trust is part of it, but only part. There is no single ‘silver bullet’ to fix the problem, but there are a number of tools that can improve the situation.

Unfortunately, these solutions are not free.

But, neither is recovering from a cyber attack.

If you need help implementing a solution, please contact us.

Credit: Bleeping Computer