A ransomware group believed to have links to Russian cybercrime networks has claimed responsibility for a data breach targeting a U.S.-based media company. The gang, known as Termite, posted a message on its dark web site stating it had exfiltrated sensitive data from the News-Press & Gazette Company (NPG), a regional broadcaster and publisher operating across several U.S. states.
As part of its typical extortion tactic, the group released sample files to support its claim. These include images that reportedly show a U.S. passport belonging to a company executive, as well as internal spreadsheets containing personal details of NPG employees, such as addresses and phone numbers, according to researchers from Cybernews who reviewed the leaked materials. If authentic, this type of information could significantly increase risks such as identity theft, targeted phishing, and financial fraud—not only for individual staff members but for the company’s operations as a whole.
NPG operates newspapers in Missouri and Kansas and manages television and radio stations in at least seven other U.S. states, broadcasting in both English and Spanish.
Termite is a relatively new actor in the ransomware landscape, first emerging in late 2024. Since then, the group has claimed responsibility for at least 23 cyberattacks, including one on supply chain software provider Blue Yonder. That incident led to widespread disruptions in the U.S. and UK retail sectors, with companies like Starbucks affected.
Cybersecurity analysts have suggested that Termite may be connected to earlier ransomware families such as Babuk, whose source code, leaked in 2021, fueled a wave of derivative malware. Some discussions on underground forums also point to possible links with other Russia-linked groups, including Cl0p.