Cyber Incident Victim: Tribune Publishing
Date:
Dec 2018
Location:
United States of America
Summary
A malware attack disrupted production at a Southern California printing plant shared by multiple major newspapers, preventing the timely publication of several print editions. The incident impacted systems critical to publishing operations, spreading from initial detection to compromise essential infrastructure within a day. Technical teams from the affected organizations worked to mitigate the threat but could not fully restore systems before press deadlines, leading to delayed delivery of print editions to subscribers. The plant's shared infrastructure caused collateral disruption to regional versions of additional national newspapers beyond those directly operated by the facility owner. Subscribers were advised to expect bundled delivery of missed editions alongside subsequent issues while restoration efforts continued.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 27, 2018, a suspected malware attack disrupted production at Tribune Publishing's Southern California printing plant, impacting multiple newspapers. The incident began on Thursday night when malicious software infiltrated shared computer systems used by the Los Angeles Times and San Diego Union-Tribune. By Friday, the malware had spread to critical systems required for publishing operations, preventing the production of Saturday editions. Affected publications included the Los Angeles Times, San Diego Union-Tribune, and Southern California regional editions of the Wall Street Journal and New York Times. Technology teams from both Tribune Publishing and affiliated organizations worked to contain the threat but were unable to fully restore systems before press deadlines. The attack caused significant operational disruption, forcing newspapers to delay print distribution while maintaining digital availability of content.
Response efforts continued through the weekend as technical personnel attempted to eradicate the malware and restore normal operations. Tribune Publishing's director of distribution, Joe Robidoux, coordinated logistics to deliver Saturday's print editions bundled with Sunday's publications. No ransomware demands or specific attacker motives were disclosed in available reports, and law enforcement involvement remained unconfirmed. The incident highlighted vulnerabilities in shared printing infrastructure, though no customer data breaches or permanent data loss were reported. Editorial teams maintained digital publishing capabilities throughout the disruption, ensuring continuous news coverage despite print production challenges. Final restoration timelines for all affected systems were not publicly disclosed in initial reports.