The websites of the New York Times and Twitter were under attack and the Syrian Electronic Army (SEA), a pro-Assad group, have claimed responsibility for the attack.
The media organisations were hit after their domain name details were maliciously edited by the hacktivists.
The attack on the New York Times and Twitter would be the group’s most severe attacks till date.
Other major media companies targeted by the group in recent months include the Financial Times, Washington Post, CNN and BBC.
But in this latest attack, the SEA was able to cause more sustained damage with a technique which also saw the Huffington Post hit.
The attacked domains were managed by hosting company Melbourne IT, which has said it is looking at “additional layers of security” for protecting domain details.
The attack focused on editing DNS – Domain Name System – information.
The SEA was able to gain access to Melbourne IT’s system, where Twitter and the New York Times registered their respective domains.
It meant that the hackers could change DNS details so that instead of, for example, “nytimes.com” taking you to the Times’ servers, the domain was instead pointed to a website hosted by the SEA.
In Twitter’s case, the SEA targeted twimg.com – a separate domain that the social network used to store image data, as well as styling code.
While Twitter itself remained active, the disruption to twimg.com meant many pages displayed incorrectly.
Twitter has released a statement, saying that no user data had been affected.
The SEA used its Twitter account to publicise the attacks on both sites, posting images of its work.
“Hi @Twitter,” the group said in one tweet, “look at your domain, its owned by #SEA :)”
Melbourne IT blamed the breach on a reseller – a third party that sells domains through the company’s system.