Cyberattack on News Corp, Believed Linked to China, Targeted Emails of Journalists, Others
News Corp. was the target of a hack that accessed emails and documents of some employees, including journalists, an incursion the company’s cybersecurity consultant said was likely meant to gather intelligence to benefit China’s interests.
The attack, discovered on Jan. 20, affected a number of publications and business units including The Wall Street Journal and its parent Dow Jones; the New York Post; the company’s UK news operation; and News Corp headquarters, according to an email the company sent to staff Friday.
News Corp. said it notified law enforcement and hired cybersecurity firm Mandiant Inc. to support an investigation.
“Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China̵[ads1]7;s interests,” said David Wong, vice president of incident response at Mandiant.
News Corp disclosed the hack in a securities filing Friday, saying its preliminary analysis indicates that data was taken.
Representatives for the Chinese Embassy in Washington did not immediately respond to requests for comment.
News Corp said in the memo to staff it believes the threat activity is contained. The company has been offering guidance to affected employees.
“We are committed to protecting our journalists and sources. We will not be deterred from our purpose — to provide uniquely trusted journalism and analysis. We will continue to publish the important stories of our time, ”said Almar Latour, chief executive of Dow Jones and publisher of The Wall Street Journal.
The company’s investigation indicates that systems housing financial and customer data, including subscriber information, were not affected, according to the securities filing and a person familiar with the matter.
Law-enforcement officials and cybersecurity experts say that journalists are often high-priority targets for hackers seeking to gain intelligence on behalf of foreign governments, because they speak to sources who might have valuable or sensitive information. Powerful surveillance tools have been used against journalists and human-rights activists.
US authorities have accused China-based hackers for years of targeting a range of American businesses and government institutions. FBI Director Christopher Wray said this week that Beijing is running a “massive, sophisticated hacking program that is bigger than those of every other major nation combined.” The FBI has more than 2,000 active investigations related to allegations of Chinese-government-directed theft of US information or technology, Mr. Wray said.
China has repeatedly denied allegations that it has carried out cyberattacks.
In 2013, Chinese hackers trying to monitor news coverage of China hacked into the Journal’s network, apparently aiming to spy on reporters covering China and other issues, the Journal reported. The New York Times had experienced a similar attack. At the time, a Chinese embassy spokesman condemned allegations of Chinese cyberspying and said Beijing prohibits cyberattacks.
In February 2020, China revoked the press credentials of three Journal reporters based in Beijing. China’s Foreign Ministry said the move was punishment for an opinion piece published by the Journal. The three journalists work for the Journal’s news operation, which operates with a strict separation from the opinion staff.
The following month, the Trump administration announced a personnel cap in the US on four state-run Chinese media outlets. Later that March, China expelled from the country American journalists from multiple news organizations, including the Journal.
In November 2021, each country agreed to ease visa restrictions for the other’s reporters. The Journal was among a handful of US outlets set to receive new press credentials for some staff.
Write to Alexandra Bruell at alexandra.bruell@wsj.com and Sadie Gurman at sadie.gurman@wsj.com
Copyright © 2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8