The North Korean threat actor Lazarus Group is believed to be behind an attack using the Ryuk malware that crippled several U.S. news outlets on Saturday. The attack caused server outages at Tribune Publishing on Saturday, which prevented the printing and distribution of a number of popular U.S. news publications, including the Wall Street Journal, New York Times, Los Angeles Times, Chicago Tribune, and the Baltimore Sun. Ryuk is a highly sophisticated malware that is spread via phishing emails. The malware is highly specialized and requires a great deal of tailoring to each victim that it targets. Tribune Publishing discovered the infection on its systems on Friday and began working to remediate the issue, but was unable to do so before the damage was done.
Analyst Notes
Lazarus Group has been known to use the Ryuk malware in the past and is currently believed to have been behind this attack, although investigations into the situation are still ongoing.