Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Qilin ransomware gang claimed responsibility for the Lee Enterprises attack

The Qilin ransomware group claims responsibility for attacking the newspaper Lee Enterprises, stealing 350GB of data. The Qilin ransomware group claimed responsibility for the recent cyberattack on Lee Enterprises, which impacted dozens of local newspapers. Lee Enterprises, Inc. is a publicly traded American media company. It publishes 79 newspapers in 25 states, and more than […]

Qilin ransomware Lee Enterprises

The Qilin ransomware group claims responsibility for attacking the newspaper Lee Enterprises, stealing 350GB of data.

The Qilin ransomware group claimed responsibility for the recent cyberattack on Lee Enterprises, which impacted dozens of local newspapers.

Lee Enterprises, Inc. is a publicly traded American media company. It publishes 79 newspapers in 25 states, and more than 350 weekly, classified, and specialty publications.

The company reported to the SEC that a Feb. 3 cyberattack led to unauthorized access, file withdrawals, and encryption of critical applications. At least 79 newspapers faced publication disruptions, subscriber access issues, and disabled newsroom phones. After the cyber attack, many sites displayed maintenance notices.

“On February 3, 2025, Lee Enterprises, Inc. (“Lee” or the “Company”) experienced a systems outage caused by a cybersecurity attack. Upon discovery, Lee activated its incident response team, comprised of internal personnel and external cybersecurity experts retained to assist in addressing the incident.” reads the FORM 8-K filed with SEC. “Preliminary investigations indicate that threat actors unlawfully accessed the Company’s network, encrypted critical applications, and exfiltrated certain files. The Company is actively conducting forensic analysis to determine whether sensitive data or personally identifiable information (PII) was compromised. At this time, no conclusive evidence has been identified, but the investigation remains ongoing.”

On February 27, the Qilin ransomware group claimed responsibility for the Lee Enterprises cyberattack on its Tor leak site. The group claimed the theft of 350GB of data, including financial records, journalist payments, and insider news tactics. To prove the attack, the group published samples, such as ID scans, corporate documents, and spreadsheets.

The gang threatens to leak the stolen data on March 5.

“All data will be published on March 5, 2025. We are preparing to share sensitive data with the public that could shed new light on Lee Enterprises, a prominent newspaper publishing firm active across all U.S. states. The documents we hold about Lee Enterprises reveal details worth noting—investor records, financial arrangements that raise questions, payments to journalists and publishers, funding for tailored news stories, and approaches to obtaining insider information.” reads the message published by Qilin on its leak site. “This is a story that merits attention. Headquartered in Davenport, Iowa, and listed on Nasdaq under the ticker LEE, Lee Enterprises describes itself as a leading source of trusted local news and information, with robust digital platforms and innovative advertising solutions. By focusing on local audiences, they claim strong reader connections, stability amid economic shifts, and a top rank in digital marketing and content services. Yet, the information we’ve uncovered might offer a different perspective. Watch this space—Lee Enterprises is aware of what’s in play.”

Qilin is a Russian-speaking cybercrime group operating a Ransomware-as-a-Service (RaaS) model since 2022. Initially, Qilin’s ransomware was written in Go but transitioned to Rust in December 2022, enhancing its capabilities.

Qilin has targeted various sectors, including healthcare. Notably, in June 2024, an attack on the UK-based medical laboratory company Synnovis, which significantly disrupted operations across London hospitals.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Lee Enterprises)