
Targeting the news: Ransomware attack on The Guardian

The London-based news company says that personal data of U.K. staff members has been accessed in the incident.

Reading a newspaper. Image by Tim Sandle

In ‘news about news’, The Guardian has reported an IT incident, which is being declared a ransomware attack. The bastion of liberal news media was struck by unknown actors during December 2022, although the full details of the incident were not reported until the second week of January 2023.

The London-based news company says that personal data of U.K. staff members has been accessed in the incident. The Guardian is the ninth most-read news site in the world, with almost 390 million visits per month.

Looking into the woes of the newspaper group for Digital Journal is Joe Gallop, Intelligence Analysis Manager at Cofense.

Gallop begins by considering how and why the media is a cybersecurity target, stating: “Journalists and news organizations became increasingly popular targets for cybercriminals in 2022. While details are still emerging about the ostensible ransomware attack on The Guardian, there has been an ongoing effort from state-sponsored threat actors from North Korea, China, and Iran to gain access to journalists’ sensitive information and curtail free speech.”

It is possible that the attack originated from one of these rogue states. Gallop continues: “The attack on The Guardian, unfortunately, follows a familiar trend – threat actors most often use phishing as a preliminary step in multi-step ransomware operations, rather than a direct delivery mechanism for ransomware itself.”

In terms of how such attacks can happen, Gallop offers: “Tools used to establish a pervasive presence and deploy ransomware in the targeted organization’s network may be loaded via the phishing campaign’s malware payload, but only at the command of a human attacker after the automated phishing chain is complete.”

Expanding on the risk, Gallop adds: “Once inside, a threat actor can use any of a large variety of custom and commodity tools to move laterally, escalate privileges, establish persistence and deliver the final ransomware payload. By the time an actual ransomware binary is detectable within a targeted organization’s network, it may be too late to mitigate the impact.”

This finding connects with the measures that need to be taken, as Gallop observes: “Thus, it is more important than ever to catch a ransomware operation at the phishing stage, before it is even identifiable as a ransomware attack.”

Gallop’s recommendation for similar businesses is: “To do this, organizations must take the necessary steps to protect inboxes and detect threats. Adopting actionable intelligence that gives visibility into the risk factors in your network and responds to phishing threats immediately and decisively will help keep malicious actors at bay and ensure the protection of sensitive data.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist and an author. He is also interested in history, politics and current affairs.
