Threat Insight
@Proofpoint's insights on targeted attacks and the security landscape. Follow us on Bluesky: https://t.co/8OVfhotdeP

Nov 2, 2022, 5 tweets

Proofpoint Threat Research has observed intermittent injections on a media company that serves many major news outlets. This media company serves content via #Javascript to its partners. By modifying the codebase of this otherwise benign JS, the actor now uses it to deploy #SocGholish.

We track this actor as #TA569. TA569 has historically removed and reinstated these malicious JS injects on a rotating basis. Therefore, the presence of the payload and malicious content can vary from hour to hour and shouldn't be considered a false positive.

Proofpoint observed TA569 injects within the assets of a media company used by multiple major news orgs. More than 250 regional/national newspaper sites have accessed the malicious JavaScript. The actual number of impacted hosts is known only by the impacted media company.

Impacted media organizations serve:
Boston
New York
Chicago
Miami
Washington, DC
Cincinnati
Palm Beach
and include other national news outlets

The @ET_Labs team has released out-of-band network detection logic for our supported engines: SID 2039620 is available as part of our ET Open ruleset, free to our customers and the community.

Thanks to researchers @ex_raritas @DustyMMiller @0xkyle.
