Dozens of US newspaper websites owned by the same company were hacked by the Evil Corp gang to infect the employees of over 30 major US private firms. The cybercriminal outfit lured users with fake software update alerts displayed by the malicious SocGholish JavaScript-based framework.
After downloads were made, the employees’ computers were the used as a stepping point into their companies’ enterprise networks as part of what looks like a series of targeted drive-by attacks.
Source: Bleeping Computer