The Guardian newspaper is facing a “serious IT incident” that has affected access to all its offices. Employees are advised to stay home and stay away from VPNs.
A Guardian Media Group spokesperson has confirmed the incident. According to the spokesperson, the group is yet to confirm the type of attack or the perpetrators, but it is most likely a ransomware attack.
“There has been a serious incident which has affected our IT network and systems in the last 24 hours. We believe this to be a ransomware attack but are continuing to consider all possibilities,” the spokesperson said in an email to The Cyber Express.
I’ve been told that @guardian has suffered a “serious IT incident” which is affecting access to all its offices.
Staff are being told to work from home, and not to use VPN to log in to any systems… 🙁
Wishing the Guardian IT team well, especially at this time of year. pic.twitter.com/d31YOkmwoY
— Graham Cluley 🇺🇦 (@gcluley) December 21, 2022
However, the operations of the British mass media company, which owns several titles including The Guardian and The Observer, has not been affected, the spokesperson assured.
“We are continuing to publish globally to our website and apps and although some of our internal systems are affected, we are confident we will be able to publish in print tomorrow. Our technology teams have been working to deal with all aspects of this incident, with the vast majority of our staff able to work from home as we did during the pandemic,” the spokesperson said.
We will continue to keep our staff and anyone else affected informed.”
The suspicious timing of the attack
The incident happened a day after the newspaper published conversations of Russian soldiers at the Ukraine front lamenting that they are left there to be slaughtered. The newspaper obtained these conversations from Ukrainian intelligence, who were eavesdropping the soldiers.
The report tore into the abysmal lack of security around Russian defense communications tech and practices, which allowed even amateurs to pick up conversations about strategy between military commanders.
Based on the conversations, the newspaper reported that the soldiers were threatened to be shot if they try to retreat.
The Guardian has always been a target
The Guardian has always been on the bad books of the ruling powers for its strong anti-establishment reporting. The group is wholly owned by the Scott Trust Limited, whose declared purpose of existence is to secure the financial and editorial independence of newspaper “in perpetuity.
The independent media house has reinforced its status as a rabble-rouser over the years. The Guardian was part of the international investigation that uncovered the infamous Pegasus spyware and its use by governments, from the US to India.
In July 2013, it broke news of the surveillance program PRISM after getting in touch with former National Security Agency contractor and renowned whistleblower Edward Snowden.
In 2016, the newspaper led an investigation into the Panama Papers, exposing former UK prime minister David Cameron’s connections with offshore bank accounts.
Bad time of year for The Guardian to be hit by a ransomware attack
Talking to The Cyber Express, Graham Cluley said, “It’s a particularly bad time of year for any company to be hit by a ransomware news attack. Cybercriminals know that during the holiday season many businesses will be running with a reduced IT team, and that they may have more opportunity to cause mayhem before their attack is spotted.
I feel sorry for The Guardian’s cybersecurity team who will, no doubt, be at risk of having their Christmas break with their family ruined as
they attempt to harden the newspaper’s defences and determine just how much damage has been done.”
“The Guardian is far from the first media outlet to be hit by cybercriminals, and I very much doubt it will be the last,” Cluley concluded.