Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Malicious Campaign Targeting Government Security News Hit Dozens of Sites

On Monday, Government Security News’ (GSN) Editor-in-Chief Jacob Goodwin told readers that the site had been the victim of a cyberattack, which was targeting visitors to the site with malware. As it turns out, more than 60 other sites were victimized by the same attack.

On Monday, Government Security News’ (GSN) Editor-in-Chief Jacob Goodwin told readers that the site had been the victim of a cyberattack, which was targeting visitors to the site with malware. As it turns out, more than 60 other sites were victimized by the same attack.

The GSN attack was initially noticed due to a warning issued by Google’s Chrome after someone attempted to view the site. Chrome, assuming Google is aware of the issue at the time, will flag domains that are confirmed to have malicious content on them.

In addition to GSN, Monday’s malware campaign targeted other media organizations, including a D.C. area radio station, by hijacking the advertising channel. The domains were not compromised, but the ad network itself was used to deliver the redirect code and malicious payload – a classic malvertising attack.

According to researchers at Zscaler, it is likely GSN was compromised for a few days before anyone noticed that googlecodehosting(.)com was serving malicious ads. However, Zscaler also noticed that the same malicious content was being delivered from the same domain, under the ORG and NET top-level domains, expanding the victim list to 65 additional domains.

The payload used during the attacks, a malicious JAR file, is targeting at least two separate Java vulnerabilities in order to install the ZeroAccess Trojan. A similar campaign targeting media domains was detected in May. The earlier campaign targeted WOTP Radio in Washington, D.C., as well as Federal News Radio, The Christian Post, Real Clear Science, and Real Clear Policy.

In each of the cases, the malicious code and payloads were being hosted on compromised WordPress sites, which as SecurityWeek reported earlier this week, have become a popular target due to flaws in third-party code. 

Written By

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Chinese tech giant Huawei patched nearly 300 vulnerabilities in its HarmonyOS operating system in 2022.