The Guardian IT incident believed to be ransomware attack

22 Dec 2022


An incident affected the media company’s tech network and systems, while IT management company Okta also suffered a breach.

News organisation The Guardian has been hit by a serious IT incident believed to be a ransomware attack.

The suspected attack affected parts of the company’s IT network and systems; however, The Guardian was able to continue publishing articles online.

In a note to staff, Anna Bateson, chief executive of The Guardian Media Group, and Katharine Viner, editor-in-chief, said most staff should work from home as a precaution.

“Our technology teams have been working to deal with all aspects of this incident, with the vast majority of our staff able to work from home as we did during the pandemic,” they said.

“With a few key exceptions we would like everyone to work from home for the remainder of the week unless we notify you otherwise.”

Joseph Carson, chief security scientist and advisory CISO at Delinea, said that although the confirmation of a ransomware attack hasn’t yet been made, the incident may be part of a rise in targeting of media outlets.

“Such publications are ideal victims for attackers due to the high resonance and large-scale disruption they can potentially cause,” he said.

“Cyberattackers thrive in disrupted environments, as people are distracted and their guards are low, particularly during a holiday season.”

Trevor Dearing, director of critical infrastructure solutions at Illumio, added that there could be several motives at play in the suspected ransomware attack.

“The most obvious is financial, but it could also be political or nation-state driven, particularly given the publication’s coverage of recent, high-profile world events,” he said.

“Regardless of motive, the attack is another example of how any organisation can be a target for ransomware. Companies need to plan for survival, not prevention of attacks.”

Okta code repositories hacked

In a separate incident, US company Okta has confirmed suspicious access to its code repositories.

The company, which develops tools for access and identity management, already suffered a hack from cybercriminal gang Lapsus$ earlier this year.

In a statement released yesterday (21 December), Okta said it believes access was used to copy its code repositories.

“Our investigation concluded that there was no unauthorised access to the Okta service, and no unauthorised access to customer data. Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure,” it said.

“As soon as Okta learned of the possible suspicious access, we promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications.”

The incidents follow a year of high-profile attacks and data breaches, affecting companies such as Microsoft, Nvidia and Revolut.


Jenny Darmody is the editor of Silicon Republic