Proofpoint claims threat actor deploys malicious code to media sites


More than 250 regional and national newspaper sites in the United States have accessed malicious JavaScript created by an actor known as TA569, according to email security firm Proofpoint.

In a tweet threadthe company’s Threat Insight unit said the media company that served as the host for this malicious code served content to its partners using JavaScript.

“The actual number of affected hosts is known only to the affected media company,” Proofpoint tweeted.

“We are tracking this actor as TA569. Historically, TA569 has removed and reinstated these malicious JS [JavaScript] take turns injecting. Therefore, the presence of the payload and malicious content may vary from hour to hour and should not be considered a false positive.”

The actor was modifying the codebase of what was described as otherwise benign JavaScript and using it to deploy SocGholish, Proofpoint claimed.

SocGholish is an initial access threat that exploits unwanted downloads masquerading as software updates, according the Red Canary firm.

“SocGholish relies on social engineering to run, tricking unsuspecting users into executing a malicious JavaScript payload stored in a downloaded ZIP file,” the company said in a post about the threat.

Proofpoint said the media organizations involved serve Boston, New York, Chicago, Miami, Washington DC, Cincinnati and Palm Beach.


Thoughtworks presents XConf Australia, back in person in three cities, bringing together people who care deeply about software and its impact on the world.

Now in its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust discussion program as local thought leaders and Thoughtworks technologists share first-hand experiences and discuss new ways to empower teams, deliver great software, and drive innovation for technology responsible.

See how we at Thoughtworks are improving technology, together.

Tickets are available now and all proceeds will be donated to Indigitek, a non-profit organization that aims to create tech employment pathways for First Nations people.

Click the button below to register and get your ticket to the Melbourne, Sydney or Brisbane event



It’s all about webinars.

Marketing budgets are now focused on webinars combined with lead generation.

If you want to promote a webinar, we recommend at least a 3-4 week campaign before your event.

The iTWire campaign will include numerous advertisements on our news site and a major newsletter promotion and promotional and editorial news. Plus a video interview of the key speaker on iTWire TV which will be used in promotional posts on the iTWire homepage.

Now that we are coming out of Lockdown, iTWire will focus on supporting your webinars and campaigns and support through partial payments and extended terms, Webinar Business Booster pack and other support programs. We can also create your advertisements and written content and coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.



Comments are closed.