Threat Watch

North Korea Believed to Have Been Behind Ryuk Attack on Major News Outlets

North Korean threat actor Lazarus Group is believed to be behind an attack using the Ryuk malware that crippled several U.S. news outlets on Saturday. The attack caused server outages at Tribune Publishing, which kept the service from printing and distributing a number of popular U.S. news publications, including the Wall Street Journal, New York Times, Los Angeles Times, Chicago Tribune, and the Baltimore Sun. Ryuk is a highly sophisticated malware that is spread via phishing emails. It is highly specialized and requires a great deal of tailoring to each victim that it targets. Tribune Publishing discovered the infection on its systems on Friday and began working to remediate the issue but was unable to do so before the damage was done.

ANALYST NOTES

Lazarus Group is known to have used the Ryuk malware in the past and is currently believed to be behind this attack, although investigations into the incident are still ongoing.