News Corp Journalists Emails Hacked, China Blamed

The Guardian is reporting News Corp cyber-attack: firm says it believes hack linked to China.

News Corp was the target of a hack that accessed emails and documents of journalists and other employees, an incursion the company’s cybersecurity consultant said was likely meant to gather intelligence to benefit China’s interests.

The attack, discovered on Jan. 20, affected a number of publications and business units including The Wall Street Journal and its parent Dow Jones; the New York Post; the company’s U.K. news operation; and News Corp headquarters, according to an email the company sent to staff Friday.

News Corp said it notified law enforcement and hired cybersecurity firm Mandiant Inc. to support an investigation.

“Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests,” said David Wong, vice president of incident response at Mandiant.

Experts Comments

February 07, 2022
Jamie Akhtar
CEO and Co-founder
CyberSmart

We expect to see more potential nation-state led cyberattacks as tensions between Russia, China and the West increase. We urge all businesses, even those without direct links to the British government, to be extra vigilant in the coming months.

February 07, 2022
Tim Erlin
VP of Product Management and Strategy
Tripwire

It’s time to remind ourselves that there is always more information to be discovered after the initial disclosure of a cyber attack like this one. We should expect that the information shared today isn’t the full story.

Cyber attack attribution is extremely difficult, and while the casual reader may draw the conclusion here that China is responsible (which may be true), it’s worth noting the language that Mandiant uses. Mandiant states that “those behind this activity have a China nexus”

.....Read More

It’s time to remind ourselves that there is always more information to be discovered after the initial disclosure of a cyber attack like this one. We should expect that the information shared today isn’t the full story.

Cyber attack attribution is extremely difficult, and while the casual reader may draw the conclusion here that China is responsible (which may be true), it’s worth noting the language that Mandiant uses. Mandiant states that “those behind this activity have a China nexus” and that “they are likely involved in espionage activities to collect intelligence to benefit China’s interests.” The statement does not go as far as pointing to the Chinese government directly. The term “China nexus” and the phrase “benefit China’s interests” are both ways of softening the conclusion. In these types of reports, language matters.

On its surface, this seems like the kind of incident the newly formed Cyber Safety Review Board might investigate. This might be a test of the effectiveness of that effort, but given the international nature of News Corp, it will also test how that board addressed the inherently different borders that apply to cybersecurity.

  Read Less
February 07, 2022
Paul Martini
CEO
iboss

This is an early example of what we believe will be a broader escalation of cyberattacks by nation state actors in the coming year. Just days ago the FBI labeled Chinese cyber aggression more 'brazen and damaging' than ever before and we’re seeing that play out in real time. This is likely an intelligence gathering campaign that could have broader impacts on US journalism and politics for years to come.

February 07, 2022
Sam Curry
Chief Security Officer
Cybereason

News Corp certainly isn't the first news organisation targeted in an espionage campaign and won't be the last. Other high profile attacks against the New York Times and Associated Press have made headlines in the past and I'd suspect many other news organisations are being targeted on a daily basis. If there is a silver lining with this latest cyberattack, it appears to be that News Corp minimised the data loss.

Unfortunately, for the vast majority of companies, it is inevitable that they will
.....Read More

News Corp certainly isn't the first news organisation targeted in an espionage campaign and won't be the last. Other high profile attacks against the New York Times and Associated Press have made headlines in the past and I'd suspect many other news organisations are being targeted on a daily basis. If there is a silver lining with this latest cyberattack, it appears to be that News Corp minimised the data loss.

Unfortunately, for the vast majority of companies, it is inevitable that they will be breached. Today, prevention is measured by how quickly companies identify the risk and kick the hackers out of the network before they do damage. What fuels these espionage campaigns is the fact Russia, China, North Korea, Iran and other nation-states don't follow the rule of law and they provide safe havens for many hacking groups and fund other ones. I like to call it 'state-ignored' hacking activity and operations. Overall, it’s time to do more than the minimum. It’s time to tighten up and get the security practices right. Least privilege. Resilience. Planning for the worst. A detection mindset. Don’t just do more of the same, presume infection and get good at preventing it, finding it, recovering from it, and limiting the blast radius when it happens.
  Read Less
February 07, 2022
Tom Garrubba
Senior Director and CISO
Shared Assessments

Normally the Olympic seasons bring out the best in people. Sadly though, threat actors don’t sleep and are waiting to pounce thinking the guard is down on tempting targets. Given the present state of world affairs, all organizations – regardless of industry - should be operating at an increased “state of alert” as the threat environment has expanded greatly due to geopolitical issues.

As the threat environment continues to change, proper and continuous diligence is required to ensure all cyber

.....Read More

Normally the Olympic seasons bring out the best in people. Sadly though, threat actors don’t sleep and are waiting to pounce thinking the guard is down on tempting targets. Given the present state of world affairs, all organizations – regardless of industry - should be operating at an increased “state of alert” as the threat environment has expanded greatly due to geopolitical issues.

As the threat environment continues to change, proper and continuous diligence is required to ensure all cyber defensive tools and techniques are employed to protect your most precious data assets. Continuous intelligence, monitoring, and dialogue with critical partners and suppliers should be ongoing to ensure “all is ready” in the event recovery is needed, and that additional support is available in the event something were to occur.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts