A group of Russian hackers called Evil Corp. was responsible for a cyberattack over the weekend against Sinclair Broadcasting Group Inc, according to a new report.
Sinclair announced in a statement Monday that it had been hacked.
“On October 16, 2021, the Company identified and began to investigate and take steps to contain a potential security incident. On October 17, 2021, the Company identified that certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted,” the company said.
“Data also was taken from the Company’s network. The Company is working to determine what information the data contained and will take other actions as appropriate based on its review,” it added.
According to Bloomberg, who cited “two people familiar with the attack,” Russian hackers were behind it all.
“The Sinclair hackers used malware called Macaw, a variant of ransomware known as WastedLocker. Both Macaw and WastedLocker were created by Evil Corp., according to the two people, who requested anonymity to discuss confidential matters,” the outlet reported Wednesday.
Allan Liska, a senior threat analyst at Recorded Future Inc., a cybersecurity firm, confirmed the apparent Macaw link.
“Sinclair appears to have been hit by Macaw ransomware, a relatively new strain first reported in early October,” he told Bloomberg. “There have not been any other Macaw victims publicly reported.”
So what exactly did the attack do? Quite a lot, according to one report.
“The Record, a publication by Recorded Future, said the attack took down Sinclair’s internal network, email services, phone services and the broadcasting systems of local TV stations. As a result, many channels weren’t able to broadcast morning shows, news segments and scheduled NFL games, the Record reported,” Bloomberg said.
“In July, Sinclair performed a companywide password reset for IT resources shared by local stations after what it described as a potentially serious network security issue, according to the Record.”
In an Op-Ed for the Washington Examiner, national security writer Tom Rogan said the attack shows that Russia is playing President Joe Biden for a sucker.
“[D]on’t worry, Joe’s on the case. The president can simply do what he’s been doing since entering office and ask Vladimir to crack down on his hackers,” he wrote.
“Shockingly (not really), Biden’s good cop-good cop routine isn’t working with the KGB colonel. This failure is unsurprising for two reasons,” Rogan added.
“First, because Putin is an opportunist deterred only by action and driven personally by his belief that the United States is Russia’s main enemy. As with other major ransomware attacks this year, such as the Colonial Pipeline hack, which caused havoc to energy supplies on the East Coast, Putin revels in any activity that undermines U.S. social stability. Targeting a conservative broadcaster such as Sinclair, Putin might even hope to further U.S. partisan divides,” he said.
Moreover, these sorts of attacks are connected to Putin, Rogan wrote.
“Second, because Putin’s people oversee these attacks. For evidence of this dynamic, we need look no further than Evil Corp.’s CEO, Maksim Yakubets. Announcing sanctions in 2019 against Yakubets, the U.S. Treasury Department noted that Evil Corp. ‘provides direct assistance to the Russian government’s malicious cyber efforts, highlighting the Russian government’s enlistment of cybercriminals for its own malicious purposes,'” he said.