Cyber Incident Victim: Newsquest Media Group
Date: Feb 2019
Location: United Kingdom
Summary
Newsquest Media Group experienced a significant security breach involving a virus injected into its server infrastructure, compromising numerous local news websites. The attack hijacked users' browsers upon accessing the affected sites, displaying fraudulent "thank you for your loyalty" messages before redirecting them to unrelated prize promotion pages. Hundreds of thousands of visitors attempting to read local news content were impacted by this forced redirection scheme, which leveraged the media group's compromised web platforms to drive traffic to external websites hosting deceptive prize offers. The incident disrupted normal news access and exposed users to unintended malicious content through browser manipulation.
Description
On or around February 27, 2019, Newsquest Media Group experienced a security breach affecting its network of local news websites. Attackers injected malicious code into a Newsquest server, compromising multiple titles within the publisher's portfolio. This code deployed a virus that automatically triggered when users attempted to access any affected Newsquest website. The malware forcibly redirected visitors to an unrelated third-party prize promotion website, interrupting normal news browsing. Users encountered a message stating "thank you for your loyalty" during the redirection sequence, suggesting the attackers sought to disguise the malicious activity as a legitimate promotional offer. Browser hijacking occurred across both mobile devices and desktop browsers accessing the compromised sites.

The incident impacted hundreds of thousands of website visitors attempting to read local news through Newsquest's platforms. Multiple regional newspaper websites operated by the group were confirmed as infection vectors, though the exact number of compromised domains remained unspecified in initial reports. Primary consequences included widespread disruption of news access and unauthorized redirection to external prize solicitation pages. No details regarding data exfiltration, financial theft, or duration of server compromise were disclosed in available reporting. UKNIP247 first documented the breach, noting the injection's server-side origin and its propagation across "many" Newsquest properties. A post-publication correction addressed a headline typo in original coverage but did not alter substantive breach details.
