It only took one attack last week, but it was enough to allow the Syrian Electronic Army (SEA) to compromise The Washington Post, CNN and Time.
On Wednesday, visitors who clicked recommendation links featured on any of the the victim sites may have been redirected to pages controlled by the pro-Assad hacker collective. The links were said to have contained political messages and did not serve any malicious content.
The SEA took claim for the attacks via Twitter, explaining it was facilitated – and in short time – by compromised a third-party known as Outbrain, a content recommendation service used by more than 90,000 websites and blogs.
Access to Outbrain enabled the attackers to infect the targeted sites.