
Cyber Incident Victim: Herald TV

Date: Apr 2022

Location: India

Summary

A malicious cyberattack targeted a media organization's YouTube channel, with hackers traced to Kolkata seizing control by renaming it to 'Ethereum' and altering registration credentials, including email, password, and mobile number. The attackers blocked access and streamed unauthorized financial content for nearly four hours, impacting the channel's operations. The breach was suspected to stem from attempts to undermine the platform's growing influence due to its news coverage and debates. The organization's IT team successfully regained control after approximately 12 hours of recovery efforts, restoring settings and privacy. Incident details, including the hacker's purported identity and IP address, were compiled for submission to cybercrime authorities.

CIA Posture: Available to members
Motives: 3 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

On April 19, 2022, at approximately 3:44 AM, unidentified hackers compromised the YouTube channel of Herald TV, a digital asset of Goa-based media outlet O Heraldo. The attackers, whose IP address originated from Kolkata, seized control by altering the channel’s name to “Ethereum” and broadcasting unauthorized live content for nearly four hours, focusing on financial trading topics related to cryptocurrency. This malicious takeover blocked all legitimate access to the channel, disrupting its operations. The hackers executed a comprehensive account takeover by changing the registered email address, password, and two-factor authentication mobile number linked to the channel, deliberately obstructing recovery efforts. Herald’s management attributed the attack to an intentional effort to undermine the channel’s expanding audience and journalistic influence, which had grown through its breaking news coverage, live debates, and investigative reporting in Goa’s media landscape. The breach represented a deliberate attempt to sever the outlet’s connection with its viewership during a critical operational period.


Herald’s IT team initiated immediate countermeasures, working continuously for 12 hours to regain control of the compromised account. Through systematic efforts, they reversed the unauthorized changes to the channel’s security settings and restored access, though specific technical recovery methods were not disclosed. Following account recovery, Herald secured evidence including the fraudulent email account and phone number registered under the name “Tapan Rajmistry,” along with the attacker’s IP address, to formally report the incident to Goa’s cybercrime cell. The swift containment limited the operational downtime but exposed vulnerabilities in the channel’s account security infrastructure. No data theft or secondary compromises were reported, with primary impacts confined to temporary service disruption and reputational risks from the illicit live stream. The incident underscored the channel’s susceptibility to credential-based attacks despite its growing digital prominence in regional news coverage.

Sources: 1 source (available to members)