Iranian Hackers Behind Cox Media Group Ransomware Attack


The ransomware attack that crippled the IT systems and live streams of Cox radio and TV stations earlier this year was the work of Iranian hackers, The Record has learned. From the report: The attack has been attributed to a threat actor tracked under the codename of DEV-0270, a group linked to several intrusions against US companies this year that have ended in the deployment of ransomware. While the intrusion at the Cox Media Group came to light on June 3, when the attackers deployed their ransomware and encrypted some internal servers, the group had actually breached and been lurking inside the company’s internal network for weeks since mid-May. The attack did not impact all Cox Media Group radio and TV stations but managed to cripple the ability of some stations to broadcast live streams on their sites. The Cox Media Group initially tried to play down the attack. Local reporters who shared details about the ransomware incident on Twitter were admonished and told to delete tweets. The company did, however, formally confirm the attack in October, four months later, but without mentioning any details about the Iranian hackers.



Source link