Washington Post Investigates Cyberattack Targeting the Organization’s Journalists 

• The Washington Post started an investigation into the cyberattack targeting several employee emails.
• The intrusion was discovered last Thursday, prompting immediate action by the organization.
• The firm performed a system-wide password reset for employees on Friday to contain potential damage.

The Washington Post has launched an investigation into a cyberattack targeting the email accounts of several journalists, according to an internal memo by Executive Editor Matt Murray and reports from Reuters. 

The intrusion, discovered last Thursday, prompted immediate action, including a precautionary reset of all employee passwords the following day.

The Wall Street Journal (WSJ), which first reported the breach, suggested the attack might have been orchestrated by a foreign entity. The compromised accounts reportedly included those of national security and economic policy reporters, some of whom cover topics related to China. 

These breaches potentially provided attackers with access to work-related emails on affected Microsoft accounts.

Murray’s memo asserted that the cyberattack had not compromised other Washington Post systems or its customer database. However, as an additional safety measure, the newspaper enforced a universal credential reset for all employees late Friday night.

Cyber threats targeting media organizations have risen in recent years, with News Corp, the publisher of WSJ, falling victim to a similar incident in 2022. That attack also compromised email accounts and data belonging to an undisclosed number of journalists.

The Washington Post's swift response highlights the growing importance of robust cybersecurity measures in safeguarding journalistic work and sensitive information. The incident underscores ongoing concerns about the vulnerability of global media outlets, often targeted due to the sensitive, high-stakes nature of their reporting.

While the investigation continues, industry experts speculate that geopolitical motivations may be at play. 

Recently, security researchers discovered that a second Italian journalist – who works for the Naples-based investigative outlet Fanpage – was reportedly targeted by Paragon spyware. In December, Serbian Police unlocked and planted the NoviSpy spyware on a journalist’s phone via Cellebrite.