Attribution Unknown in Tribune Publishing Attack
Kacy Zurkus | January 02, 2019
The malware attack that disrupted the printing operations of the Chicago Tribune and other Tribune Publishing newspapers, including the Los Angeles Times, remains under investigation with no clear evidence that points to a source responsible for the attack, according to the Chicago Tribune.

“Sunday print editions were delivered in its markets across the U.S. but did not contain classified ads and some paid death notices, which share a common system disrupted by the malware,” the Chicago-based company said.

The attack, which was reported to the FBI on December 28, 2018, disrupted newspaper delivery to Los Angeles Times subscribers, for which the company apologized in a note to readers.

As is often the case with high-profile attacks, people want to know what happened, yet the investigation remains ongoing despite some reports attributing the attack to the Lazarus Group, an advanced persistent threat (APT) group linked to North Korea.

Some have been inclined to point to North Korea because an unidentified source familiar with the investigation reportedly said the malware had been identified as Ryuk ransomware, which has previously been linked to the Lazarus Group.

“While there’s plenty of speculation, there are relatively few facts available about this incident at the moment,” said Tim Erlin, VP, product management and strategy at Tripwire. “It’s unclear at this point whether this was a targeted or opportunistic attack. The impact to newspaper delivery could be collateral damage or the intended result.