News Corp. suspects China in cyberattack on its operations
The Washington Post February 4, 2022
Wall Street Journal parent News Corp was hit with a “persistent” cyberattack that compromised employee email accounts and documents - possibly on behalf of China - according to statements from the company and its security consultant.
In a regulatory filing Friday, the company disclosed that the hack discovered last month may have been orchestrated by a foreign government. But its cybersecurity firm, Mandiant, specified a “China nexus” to the breach. “We believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests,” David Wong, Mandiant’s vice president for consulting, said in an emailed statement to The Washington Post.
The cyberattack has been contained, the media giant said, and did not affect systems housing subscriber information.
In a note to employees Friday, two News Corp executives said the attack affected “a limited number of business email accounts and documents” from the company’s headquarters, as well as from the Dow Jones publishing company that distributes the Wall Street Journal, the New York Post, and News UK. Journalists were among those whose email accounts were accessed, according to a person with knowledge of the matter but not authorized to speak publicly about it.
“Even though the vast majority of our people’s emails and documents were not the target of this attack activity, we take seriously any attack on our organization and our employees, including our journalists,” wrote chief technology officer David Kline and chief information security officer Billy O’Brien.
They said the news organization “will not tolerate attacks on our journalism, nor will we be deterred from our reporting, which provides readers everywhere with the news that matters.”
A representative for the Chinese embassy in Washington did not immediately respond to a request for comment.
Security experts and U.S. law enforcement officials say China has employed hackers for years to collect intellectual property and other sensitive data from a range of U.S. companies and institutions. The FBI has more than 2,000 open investigations focused on the ways Beijing is trying to steal information and technology, director Christopher Wray said Tuesday in a speech at the Ronald Reagan Presidential Library and Museum in Simi Valley, Calif.
“There is just no country that presents a broader threat to our ideas, our innovation, and our economic security than China,” Wray said.
Officials in both China and the United States have warned against cyberattacks from the other as the relationship has grown fraught in recent years. Washington has long accused Beijing of cyberattacks motivated by economic espionage, as well as surveillance of political targets. Beijing says it’s the victim, not the perpetrator, of cyberattacks.
U.S. news organizations have reported hacks against journalists with suspected ties to China over the years. In 2015, reporters writing about the Defense Department, the White House and the CIA for The Washington Post received letters saying their personal information may have been stolen. U.S. officials said privately at the time that the hackers were with the Chinese government. In 2013, the New York Times and the Journal reported they were the targets of cyberattacks from China.
China expelled three Wall Street Journal reporters in February 2020, ostensibly in retaliation for a column headline the government deemed to be racist, amid frosty U.S.-China relations. The move followed a decision by the United States a day earlier to designate five major Chinese media outlets as government entities.
News Corp noted in its regulatory filing Friday that cyberattacks have ramped up in recent years, adding that its defenses have been made more complicated by remote work during the pandemic. It said hackers exploited a cloud-based system operated by an unnamed third party.
“Such attacks are becoming increasingly more sophisticated, targeted and difficult to detect and prevent against,” the company wrote. “As a result of the COVID-19 pandemic, remote work and remote access to the Company’s systems has increased significantly, which may adversely impact the effectiveness of the Company’s security measures. Consequently, the risks associated with such an event continue to increase, particularly as the Company’s digital businesses expand.”