Cyber Incident Victim: United Press International
Date:
Jan 2015
Location:
United States of America
Summary
Twitter accounts belonging to a major news organization and United Press International were compromised by unknown attackers who disseminated fabricated economic and military-related announcements. The false posts included claims about Federal Reserve interest rate policies, Bank of America CEO statements, alleged attacks on a U.S. aircraft carrier by Chinese forces, and fabricated quotes from political and religious leaders. The breach persisted for approximately 40 minutes before control was restored, with the organization confirming website intrusion. Security analysts attributed the incident to likely spear-phishing tactics and insufficient authentication safeguards, noting parallels to previous cyberattacks requiring tailored intelligence to craft credible phishing content.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 6 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 17, 2015, unidentified attackers compromised the Twitter accounts of the New York Post’s business section and United Press International (UPI), posting six fabricated headlines over approximately 40 minutes. The attackers first disseminated false economic claims, asserting the Federal Reserve would implement negative interest rates to counter recession risks from low oil prices; this identical message appeared on both compromised accounts. UPI confirmed its website was also breached during the incident. Subsequent fraudulent tweets from the New York Post account falsely quoted the Bank of America CEO reassuring the public that savings accounts would remain unaffected by the fabricated Fed decision. The attackers then shifted to military disinformation via UPI’s account, falsely reporting that the USS George Washington aircraft carrier had been struck by Chinese anti-ship missiles, followed by a claim of US Navy engagement with Chinese vessels in the South China Sea. Additional fabricated content included a quote misattributed to China’s Xi Jinping accusing Obama of provoking military retaliation and a spurious statement from Pope Francis referencing World War III.
The compromised accounts were restored to their legitimate owners after the 40-minute breach window, with UPI issuing a public statement acknowledging the incident. No technical remediation steps were detailed in available reports. Cybersecurity experts attributed the breach to insufficient security measures, specifically the absence of two-factor authentication (2FA), and suggested spear-phishing as the likely intrusion vector. The attackers demonstrated targeted intelligence gathering to create credible phishing content aligned with the outlets’ reporting focus. The incident’s primary impact was the dissemination of false economic and geopolitical narratives to the accounts’ combined follower base, risking public misinformation and reputational damage to the affected organizations. The breach shared operational parallels with prior CyberCaliphate group activities, which similarly hijacked a US military Twitter account to propagate pro-ISIS messages. No additional consequences, such as financial losses or extended system compromises, were documented in the source material.