Cyber Incident Victim: The Almanac
Date:
Sep 2015
Location:
United States of America
Summary
Embarcadero Media Group's websites were disrupted by hackers posing as Anonymous, demanding removal of unspecified harmful content from *The Almanac*. Attackers defaced sites with a threatening message and imagery, prompting a phishing scam during the outage. The company restored services with IT efforts, involving police and FBI, while the CEO described the attack as sophisticated. A cybersecurity expert suggested the hack might not align with Anonymous' typical tactics, noting their usual avoidance of media targets.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 30, 2025, Embarcadero Media Group experienced a cyberattack that disrupted all its websites, including *Palo Alto Weekly*, *Mountain View Voice*, *Pleasanton Weekly*, and *The Almanac*. The attack began at approximately 10:30 PM on Thursday, September 29, when unauthorized actors replaced the sites’ content with an image of an individual wearing a Guy Fawkes mask—a symbol associated with the hacktivist collective Anonymous—and a message accusing *The Almanac* of hosting harmful content. The message demanded the removal of unspecified material and threatened permanent shutdowns if Embarcadero Media failed to comply, directing readers to email CEO Bill Johnson with removal requests. Staff at the media group, including *Palo Alto Weekly* editor Jocelyn Dong, reported confusion over which specific stories or photos triggered the attack. The IT department worked overnight to investigate the breach, while the newsrooms continued operations on Friday. By 7:01 AM on September 30, a former employee shared a screenshot of the defaced *Mountain View Voice* site on Facebook, amplifying public awareness. The Palo Alto Police Department was contacted to assist in the investigation.
During recovery efforts, visitors attempting to access Embarcadero Media’s websites encountered a fraudulent pop-up warning of a virus infection and urging users to call a provided phone number—a tactic identified by San Jose Inside’s IT team as a phishing attempt unrelated to the original hack. By Friday evening, the websites were restored following IT interventions that leveraged system backups and safeguards. CEO Bill Johnson characterized the incident as a “sophisticated and elaborate attack aimed at inflicting extensive damage,” crediting backups and rapid IT response for mitigating operational harm. The FBI joined the investigation, though Forbes journalist Parmy Olson cast doubt on Anonymous’ involvement, citing the lack of specific grievances in the attackers’ message and the collective’s historical reluctance to target media organizations. No further details about the attackers’ identity or the disputed content were disclosed publicly at the time of reporting.