News Corp., which owns The Wall Street Journal’s publishers and The New York Post, announced that a “persistent” cyberattack was discovered on a small number of employees. A cybersecurity company official working with the mass media conglomerate claimed that the attack had links to China.
The publishing arm of Murdoch’s media empire originally founded the company. Friday’s breach was disclosed in a financial filing to Securities and Exchange Commission and an internal email to employees.
News Corp. claims that the cyberattack was discovered in January. Mandiant executives then contacted law enforcement to get assistance. However, David Wong (Vice President for Incident Response at Mandiant) stated that cybersecurity firm’s analysts concluded that those responsible for this activity had ties to China. They were involved in spying or “involved with espionage activities” in order to obtain information “to serve China’s interests”, he said. Chris Wray, FBI Director, stated that the Bureau opens a counterintelligence inquiry about the Chinese government “about once a day or so.” He said that the FBI currently has more than 2,000 investigations focused on “the Chinese government trying steal our information or technology.”
News Corp. may have business assets that could be of interest to China. Journalists with sensitive information or contacts with knowledgeable sources are attractive targets for espionage. Chinese hackers have used espionage to target dissidents in China, and even attempted to attack websites hosting the New York Times homepage. China’s security officials plan to install a surveillance system that tracks journalists, students from abroad, and other people of interest.
According to an internal email to employees, News Corp. sent security experts to assist journalists who may have been affected. These included “a limited number” of email accounts for business and documents from News Corp headquarters and News Technology Services. News Corp. stated that certain data had been stolen but didn’t provide any further details.
Mandiant and News Corp. did not share any further information on how the hackers got in. However, in the SEC filing News Corp. refers to both “network” and “information systems”, as well as “third party providers for certain technology and “cloud-based” systems and services. One of these was the target of this attack. The activity of a third-party cloud provider could have been linked to a wider supply chain-based attack. This could make it possible for other clients who use that technology to be at risk.
“We believe it’s important that other media organisations be made aware of the threat in order to make appropriate precautions. We are providing technical details about the attack to Media Information Sharing and Analysis Organization,” News Corp. Chief Tech Officer David Kline and Chief Information security Officer Billy O’Brien write in an internal email to staff.
News Corp. currently believes that the “threat activities” have been contained, but Kline and O’Brien didn’t share any information on why or how long they believe this to be true.
They concluded that they would not accept criticisms of their journalism and would not be discouraged from reporting the important news to readers all over the world.