The Guardian is reporting News Corp cyber-attack: firm says it believes hack linked to China.
News Corp was the target of a hack that accessed emails and documents of journalists and other employees, an incursion the company’s cybersecurity consultant said was likely meant to gather intelligence to benefit China’s interests.
The attack, discovered on Jan. 20, affected a number of publications and business units including The Wall Street Journal and its parent Dow Jones; the New York Post; the company’s U.K. news operation; and News Corp headquarters, according to an email the company sent to staff Friday.
News Corp said it notified law enforcement and hired cybersecurity firm Mandiant Inc. to support an investigation.
“Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests,” said David Wong, vice president of incident response at Mandiant.
<p>We expect to see more potential nation-state led cyberattacks as tensions between Russia, China and the West increase. We urge all businesses, even those without direct links to the British government, to be extra vigilant in the coming months.</p>
<p>It’s time to remind ourselves that there is always more information to be discovered after the initial disclosure of a cyber attack like this one. We should expect that the information shared today isn’t the full story.</p>
<p>Cyber attack attribution is extremely difficult, and while the casual reader may draw the conclusion here that China is responsible (which may be true), it’s worth noting the language that Mandiant uses. Mandiant states that “those behind this activity have a China nexus” and that “they are likely involved in espionage activities to collect intelligence to benefit China’s interests.” The statement does not go as far as pointing to the Chinese government directly. The term “China nexus” and the phrase “benefit China’s interests” are both ways of softening the conclusion. In these types of reports, language matters.</p>
<p>On its surface, this seems like the kind of incident the newly formed Cyber Safety Review Board might investigate. This might be a test of the effectiveness of that effort, but given the international nature of News <span class=\"il\">Corp</span>, it will also test how that board addressed the inherently different borders that apply to cybersecurity.</p>
<p>This is an early example of what we believe will be a broader escalation of cyberattacks by nation state actors in the coming year. Just days ago the FBI labeled Chinese cyber aggression more \’brazen and damaging\’ than ever before and we’re seeing that play out in real time. This is likely an intelligence gathering campaign that could have broader impacts on US journalism and politics for years to come.</p>
<p>News <span class=\"il\">Corp</span> certainly isn\’t the first news organisation targeted in an espionage campaign and won\’t be the last. Other high profile attacks against the New York Times and Associated Press have made headlines in the past and I\’d suspect many other news organisations are being targeted on a daily basis. If there is a silver lining with this latest cyberattack, it appears to be that News <span class=\"il\">Corp</span> minimised the data loss.</p>
<div>Unfortunately, for the vast majority of companies, it is inevitable that they will be breached. Today, prevention is measured by how quickly companies identify the risk and kick the hackers out of the network before they do damage. What fuels these espionage campaigns is the fact Russia, China, North Korea, Iran and other nation-states don\’t follow the rule of law and they provide safe havens for many hacking groups and fund other ones. I like to call it \’state-ignored\’ hacking activity and operations. Overall, it’s time to do more than the minimum. It’s time to tighten up and get the security practices right. Least privilege. Resilience. Planning for the worst. A detection mindset. Don’t just do more of the same, presume infection and get good at preventing it, finding it, recovering from it, and limiting the blast radius when it happens.</div>
<p>Normally the Olympic seasons bring out the best in people. Sadly though, threat actors don’t sleep and are waiting to pounce thinking the guard is down on tempting targets. Given the present state of world affairs, all organizations – regardless of industry – should be operating at an increased “state of alert” as the threat environment has expanded greatly due to geopolitical issues.</p>
<p>As the threat environment continues to change, proper and continuous diligence is required to ensure all cyber defensive tools and techniques are employed to protect your most precious data assets. Continuous intelligence, monitoring, and dialogue with critical partners and suppliers should be ongoing to ensure “all is ready” in the event recovery is needed, and that additional support is available in the event something were to occur.</p>