The media company in question is, by its own account, a firm that provides both video content and advertising to major news outlets. Sherrod DeGrippo, VP of Threat Research and Detection at Proofpoint, said: “[It] serves many different companies in different markets across the United States.”
“By modifying the codebase of this otherwise benign JS, it is now used to deploy SocGholish.”
According to security researchers at Proofpoint, the malware has affected more than 250 U.S. news outlets, including major ones.
The exact number of affected news organizations is not known, but Proofpoint says it knows of affected media organizations (including national news outlets) in New York, Boston, Chicago, Miami, and Washington, D.C.
Another important point about this attack is that the threat actor is known to strike again as soon as the first compromise is remediated. Security researchers at Proofpoint noted: “The situation needs to be closely monitored, as Proofpoint has observed TA569 reinfect the same assets just days after remediation.”