Australian TV station Channel 9 misses broadcasts after cyber-attack
A mysterious cyber-attack, believed to have been a ransomware infection, has hit Australian TV station Channel 9 over the weekend and prevented the network from airing some of its normal shows on Sunday.
A cyber-attack on our systems has disrupted live broadcasts today however, we have put processes in place to ensure we’re able to resume our normal broadcast schedule.— Channel9 (@Channel9) March 28, 2021
See the full story in tonight’s @9NewsAUS at 6.00pm. pic.twitter.com/N03bO33U3E
The Sydney Morning Herald, a newspaper owned by Nine Entertainment, Channel 9's parent company, said the cyber-attack impacted the TV channel's Broadcast and Corporate networks.
The incident completely shut down Channel 9's Sydney studio, leading to the TV station being unable to air its Sunday morning news program, Weekend Today, which normally runs from 7:00 am to 1:00 pm.
Operations were switched to the station's Melbourne studio, where normal broadcasting resumed at 6:00 pm, but not before Channel 9 missed its regular 5:00 pm news program.
What’s happening? Well not much right now! Tech issues @Channel9 this morning... pic.twitter.com/yvHBbxdbGC— Richard Wilkins (@RichardWilkins) March 27, 2021
In a news article posted online earlier today, Channel 9 said the incident also impacted the operations of its official website.
In a letter sent to staff, Nine Entertainment told employees to work from home as its engineers are restoring affected systems. Some staff and producers were flown to Melbourne until its main Sydney office was brought back online.
While the cause of the disruption was never formally acknowledged, sources described it to the Herald as "some kind of ransomware likely created by a state-based actor."
The TV station said it's now working with the Australian Signals Directorate to investigate the incident.
Not the first time it happened
But even if the attack led to a rare incident where a TV station's broadcasting was impacted, this is neither the first nor the largest cyber-security incident of its kind.
The largest ransomware attack was the one that impacted US-based The Weather Channel in April 2019, when the channel went offline for 90 minutes as a result of hackers encrypting some of the network's servers.
A ransomware attack also hit CBS-owned Entercom, the second-largest US radio network, in September 2019, disrupting some of its satellite radio stations.
M6, one of France's biggest TV channels, was also hit by ransomware in October 2019, but its live feeds were not impacted.
San Francisco's public TV and radio station, KQED, was hit by ransomware in July 2017 and took weeks to recover its systems.
However, the biggest and most widely known incident against a TV network took place on April 8, 2015, when hackers breached French TV station TV5 Monde and took its live feed offline for hours, defaced its website and social media account, and came within hours of destroying the TV network's data, according to the TV5 Monde boss. This attack was attributed to the work of Russian government hackers.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.