{"id":49168,"date":"2022-11-04T13:26:18","date_gmt":"2022-11-04T13:26:18","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34006\/More-Than-250-US-News-Sites-Inject-Malware-In-Possible-Supply-Chain-Attack.html"},"modified":"2022-11-04T13:26:18","modified_gmt":"2022-11-04T13:26:18","slug":"more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/","title":{"rendered":"More Than 250 US News Sites Inject Malware In Possible Supply Chain Attack"},"content":{"rendered":"<div>\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cms.scmagazine.com\/wp-content\/uploads\/2022\/11\/110322_newspapers_computer-1024x614.jpg\" alt class=\"wp-image-459164\"><figcaption>Proofpoint researchers observed a Russian-linked threat actor injecting malicious Javascript within the assets of a media company that serves more than 250 U.S. news organizations in what is believed to be a supply chain attack. (iStock via Getty Images)<\/figcaption><\/figure>\n<\/div>\n<p>Researchers at Proofpoint disclosed in a <a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/threatinsight\/status\/1587865920130752515\" target=\"_blank\">Tweet Wednesday<\/a> that more than 250 U.S. news organizations have accessed malicious SocGholish malware in what could potentially become a very dangerous supply chain attack.<\/p>\n<p>In the Tweet, Proofpoint said it observed intermittent injections on a media company that serves video and advertising services to many major news outlets. The targeted media company serves content via Javascript to its partners, and by modifying the codebase of this otherwise benign Javascript, the threat actors used the media company to deploy the SocGholish malware.<\/p>\n<p>SocGholish infections have historically served as a precursor to ransomware and some instances where stealers and keyloggers have been deployed. End stage payloads are variable based on victim profile and ongoing relationships with other threat actors utilizing Russian-linked TA569 for initial access.<\/p>\n<p>Sherrod DeGrippo, vice president of threat research and detection at Proofpoint, said while they are unable to disclose information related to the targeted media company, the company in question provides both video content and advertising to major news outlets.<\/p>\n<p>DeGrippo said while the threat actor has a demonstrated history of compromising content management systems (CMS) and hosting accounts, at this time, Proofpoint does not have evidence supporting the initial access vector, which likely occurs outside of mailflow.<\/p>\n<p>\u201cTA569 has previously leveraged media assets to distribute SocGholish, and this malware can lead to follow-on infections, including potential ransomware,\u201d said DeGrippo. \u201cThe situation needs to be closely monitored, as Proofpoint has observed TA569 reinfect the same assets just days after remediation. Fixing the problem once isn&#8217;t enough. It\u2019s worth remembering that website security is reliant on a network of assets and services, and that no matter how robust your security is, it&#8217;s only as good as the third-party assets you\u2019re importing.\u201d<\/p>\n<p>DeGrippo said the site in question was first observed hosting the TA569 inject within the last 24 hours. The media company targeted has been informed and has been investigating. Only the targeted media company knows the full total of affected media organizations.<\/p>\n<p>\u201cEven with remediation we have seen TA569 reinfect the same assets days later so continued targeting of this company and others is probable,\u201d DeGrippo said. \u201cSupply chain attacks like this where one compromised asset can push out compromises to the entire network has proven to be a successful business model for threat actors. Media companies who are a pivot point in the news industry need to be wary.\u201d<\/p>\n<h2>Activity linked to Russia-aligned threat actor as Election Day nears in U.S.<\/h2>\n<p>TA569 is believed to be a Russian-aligned threat actor, said Jason Hicks executive advisor and Field CISO at Coalfire. Hicks said given their alignment with a nation-state, it\u2019s not surprising they are attacking media organizations. &nbsp;<\/p>\n<p>Hicks said also given the proximity to Election Day, he expects to see an uptick in this kind of activity given the previous actions taken during previous U.S. elections. Media organizations have a wealth of information that\u2019s of interest to foreign intelligence actors, said Hicks. Sources for stories that are critical of their government, or simply knowing an unfavorable article will get published would be of interest, said Hicks.<\/p>\n<p>\u201cIt also gives them access to information before it becomes public, which would be useful for both awareness and investment purposes,\u201d Hicks said. \u201cOften these organizations are going to be easier to penetrate than the companies and government agencies they are reporting on, so attacking them is a quicker and easier way to collect useful information. Also, by infecting a service provider that caters to many organizations they can quickly expand their footprint and collect data from a wider variety of sources. Media organizations are also easier targets since they lack any significant regulatory burden around security.\u201d<\/p>\n<h2>News organizations vulnerable to supply chain attacks<\/h2>\n<p>Dan Vasile, vice president of strategic development at BlueVoyant and former vice president of information security at Paramount, explained that the reported incident most definitely falls into the category of a <a href=\"https:\/\/www.scmagazine.com\/analysis\/third-party-risk\/lapsu-group-claims-okta-supply-chain-attacks\" target=\"_blank\" rel=\"noreferrer noopener\">supply chain attack<\/a>. Vasile said the attack is similar, yet different to the well-known and costly <a href=\"https:\/\/www.scmagazine.com\/feature\/ransomware\/kaseya-ciso-talks-security-through-the-lens-of-law-enforcement\" target=\"_blank\" rel=\"noreferrer noopener\">Kaseya<\/a> and <a href=\"https:\/\/www.scmagazine.com\/feature\/incident-response\/why-solarwinds-just-may-be-one-of-the-most-secure-software-companies-in-the-tech-universe\" target=\"_blank\" rel=\"noreferrer noopener\">SolarWinds incidents<\/a>, abusing the trust customers have to have in their digital suppliers.<\/p>\n<p>Vasile noted that BlueVoyant\u2019s recent research on the media industry <a href=\"https:\/\/www.bluevoyant.com\/press-releases\/media-industry-cybersecurity-challenges\" target=\"_blank\" rel=\"noreferrer noopener\">found<\/a> security weaknesses and vulnerabilities across a number of vendors that support the media industry, suggesting that, as an industry, media faces significant cybersecurity challenges. In this case, Vasile said the malicious actor targeted the distribution section of the value chain, which is how content gets to broadcast and streaming services.<\/p>\n<p>\u201cAll the actors further down the supply chain, such as news outlets, publishers and their customers, have been impacted,\u201d Vasile said. \u201cThere are strong incentives for websites to load JavaScript, which is how reportedly the attack started, from remote sources including for performance and extra functionality. However, any compromise at the third-party level will propagate instantly to all sites using the infected JavaScript code, exposing their customers.\u201d&nbsp;<\/p>\n<p>John Bambenek, principal threat hunter at Netenrich, said he\u2019s seen a little uptick in attacks on media companies right now. Whether it\u2019s transient, or part of the usual ebb and flow of attacks, remains to be seen, said Bambenek.<\/p>\n<p>\u201cThe real driver here is the use of vulnerable CMS servers (also popular in media companies) to push traffic as part of traffic delivery systems,\u201d Bambenek said. \u201cThey are an important point of the exploit chain typically targeted towards end consumers.\u201d<\/p>\n<p>Proofpoint\u2019s disclosure comes on the heels of last\u2019s week\u2019s incidents at the New York Post and Thomsen Retuers.<\/p>\n<p>SC Media <a href=\"https:\/\/www.scmagazine.com\/analysis\/insider-threat\/incidents-expose-weak-cybersecurity-programs-at-news-media-organizations\" target=\"_blank\" rel=\"noreferrer noopener\">reported last Friday<\/a> that the website and Twitter account of the <a rel=\"noreferrer noopener\" href=\"https:\/\/variety.com\/2022\/digital\/news\/new-york-post-twitter-account-hack-racist-violent-messages-1235415797\/\" target=\"_blank\">N.Y. Post<\/a> was hacked by an insider, whom the paper subsequently fired. And <a rel=\"noreferrer noopener\" href=\"https:\/\/cybernews.com\/security\/thomson-reuters-leaked-terabytes-sensitive-data\/\" target=\"_blank\">Thomson Reuters reportedly<\/a> left at least three of its databases open on the public internet. One of the open instances was 3 terabytes of a public-facing ElasticSearch database that contained sensitive data across the company\u2019s platforms.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34006\/More-Than-250-US-News-Sites-Inject-Malware-In-Possible-Supply-Chain-Attack.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":49169,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[5312],"class_list":["post-49168","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermalware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>More Than 250 US News Sites Inject Malware In Possible Supply Chain Attack 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"More Than 250 US News Sites Inject Malware In Possible Supply Chain Attack 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-04T13:26:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cms.scmagazine.com\/wp-content\/uploads\/2022\/11\/110322_newspapers_computer-1024x614.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"More Than 250 US News Sites Inject Malware In Possible Supply Chain Attack\",\"datePublished\":\"2022-11-04T13:26:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\\\/\"},\"wordCount\":1039,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack.jpg\",\"keywords\":[\"headline,hacker,malware\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\\\/\",\"name\":\"More Than 250 US News Sites Inject Malware In Possible Supply Chain Attack 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack.jpg\",\"datePublished\":\"2022-11-04T13:26:18+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack.jpg\",\"width\":1024,\"height\":614},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalware\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"More Than 250 US News Sites Inject Malware In Possible Supply Chain Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"More Than 250 US News Sites Inject Malware In Possible Supply Chain Attack 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/","og_locale":"en_US","og_type":"article","og_title":"More Than 250 US News Sites Inject Malware In Possible Supply Chain Attack 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-11-04T13:26:18+00:00","og_image":[{"url":"https:\/\/cms.scmagazine.com\/wp-content\/uploads\/2022\/11\/110322_newspapers_computer-1024x614.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"More Than 250 US News Sites Inject Malware In Possible Supply Chain Attack","datePublished":"2022-11-04T13:26:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/"},"wordCount":1039,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/11\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack.jpg","keywords":["headline,hacker,malware"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/","url":"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/","name":"More Than 250 US News Sites Inject Malware In Possible Supply Chain Attack 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/11\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack.jpg","datePublished":"2022-11-04T13:26:18+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/11\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/11\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack.jpg","width":1024,"height":614},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/more-than-250-us-news-sites-inject-malware-in-possible-supply-chain-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalware\/"},{"@type":"ListItem","position":3,"name":"More Than 250 US News Sites Inject Malware In Possible Supply Chain Attack"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49168","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=49168"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49168\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/49169"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=49168"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=49168"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=49168"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}