Security experts at Mandiant have discovered that hackers break into Washington Post servers stealing employee users credentials hashes.
Security experts at Mandiant intelligence firm have discovered a new intrusion into the network of The Washington Post, it is the third time in the last three years. In time I’m writing it is still not clear the extension of the attack neither an estimation of the losses. Mandiant reported the incident to The Washington Post this week, confirming that exposed data include employees’ credentials hash.
“Hackers broke into The Washington Post’s servers and gained access to employee user names and passwords, marking at least the third intrusion over the past three years, company officials said Wednesday.” reported a post of the news agency.
Early 2013 the New York Times has announced that during the previous months it was a victim of cyber espionage coordinated by Chinese hackers, similar attacks was conducted against principal Americans news agencies. The hackers have tried to compromise the email account of journalists to steal sensitive information, they tried to infiltrate the network of news agencies using several dozen instances of malware, as revealed by forensics analysis conducted by the Mandiant security firm. The attackers obtained password data for all of the Washington Post reporters and other employees.
Regarding this last attack there is no evidence that subscriber information such as credit card data or home addresses was stolen neither the information of which offices of the popular media agency were impacted (e.g. Publishing system, employee e-mail databases, HR database). The hackers in many cases targeted server used by the paper’s foreign staff to extend their operation to the entire company infrastructure.
Investigators believe the intrusion lasted at most a few days, but the news is very worrying considering that large international news organizations have become a privileged target for hacking campaigns. The Washington Post, NYT and Associated Press were subject to numerous attacks conducted by state-sponsored hackers including the popular group of hackers Syrian Electronic Army.
Waiting for more detailed results of investigation officials planned to ask all employees to change their user names and passwords on the assumption that a large number of them may have been compromised.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.