A well-known Russian hacking group previously sanctioned by the United States is behind the crippling ransomware attack on Sinclair Broadcast Group that is continuing to impact news stations across the country, according to The Hill citing a new report.
Bloomberg News cited multiple people “familiar with the attack” in reporting that a group known as Evil Corp. was behind the ransomware attack, which occurred late last week and was disclosed by Sinclair both to the Securities and Exchange Commission and to the public on Monday.
According to Bloomberg, the hackers used malware known as Macaw to attack Sinclair. The company confirmed that data had been stolen in the attack, but said it was still working to determine exactly what data was stolen.
The ransomware attack has wreaked havoc on Sinclair-owned and -operated news stations this week. Sinclair is the second-largest U.S. television station operator, owning or operating around 185 stations, including some radio stations in Seattle now owned by Lotus Media.
Sinclair noted Monday that the attack had caused “disruption” to portions of the company, including the provision of local advertisements, stressing that it was “working diligently to restore operations quickly and securely” and that it had engaged the help of an unnamed cybersecurity firm in doing so.
CNN reported Monday that some TV stations had trouble accessing graphics, phones and video files and that some live segments were being pre-taped.
Evil Corp. was the target of a multiagency effort in 2019 after it was accused of using its Dridex malware to steal more than $100 million from hundreds of banks and financial entities in over 40 countries.
As part of that effort, the Treasury Department issued sanctions against 17 individuals and seven entities associated with Evil Corp., while the State Department offered a reward of up to $5 million for information that could help capture and convict the group’s leader, Maksim Yakubets. The Justice Department also unsealed an indictment against Yakubets.
The DarkSide group, also believed to be based in Russia, was linked to the ransomware attack on Colonial Pipeline in May that led to fuel shortages in several states; the group also went offline following the incident.