Hackers with suspected links to China targeted
third-party technology suppliers, according to a company filing.
News Corp, which owns the New York Post and The Wall Street Journal parent Dow Jones, said it was the target of a hack that accessed emails and documents of journalists and other employees.
The company in a securities filing on Friday said it “relies on third-party providers for certain technology and ‘cloud-based’ systems and services that support a variety of business operations,” and that one of these systems “was the target of persistent cyberattack activity.”
The attack came as U.S. officials over the past year have been increasingly warning of criminal and nation-state hackers breaking into the computer systems of organizations through sometimes opaque supply chains for software and other technologies.
A News Corp spokesman on Friday declined to comment on its vendors or which data was stolen, citing a continuing investigation. In its email to staff, News Corp said that computer systems housing consumer and financial data weren’t affected.
“In addition, we have not experienced related interruptions to our business operations,” Chief Technology Officer David Kline and Chief Information Security Officer Billy O’Brien wrote in the email. “Based on our investigation to date, we believe the threat activity is contained.”
Messrs. Kline and O’Brien said their inquiry is in its early stages.
The Wall Street Journal reported Friday that hackers had access to News Corp’s systems since at least February 2020, gaining access to emails and Google Docs, including drafts of articles. Beijing that year expelled U.S. journalists employed by news outlets including the Journal, the
New York Times
and the Washington Post.
Gaining access to emails and documents could give hackers snapshots of reporters’ sources and plans for articles, said Runa Sandvik, a former senior director for information security at the New York Times.
“Let’s say attackers get access to emails. Then, potentially, there could be communications about who is going to cover the Olympics in China,” said Ms. Sandvik, who now consults for media organizations. “How are they collaborating?”
News Corp said Friday it disclosed the hack to law-enforcement officials and is providing technical details of the attack to the Media and Entertainment Information Sharing and Analysis Center, a nonprofit that shares security information among the media industry.
Chris Taylor, director of the ME-ISAC, declined to comment on any data News Corp shared, as companies report such information under the promise of anonymity. In most incidents analyzed by the nonprofit, hackers blast out phishing emails to countless potential targets in the hope of landing a victim, Mr. Taylor said.
Attacks tailored for specific organizations “are scarier but they are way less frequent,” he said. “Attackers will do more research.”
a cybersecurity company that specializes in investigating hacks, is helping News Corp respond to the incident.
“Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests,” said David Wong, Mandiant’s vice president of consulting.
“China firmly opposes and combats cyber attacks and cyber theft in all forms,” a spokesman for the Chinese Embassy in Washington said in an email. “We hope that there can be a professional, responsible and evidence-based approach to identifying cyber-related incidents, rather than making allegations based on speculations.”
The report of the breach comes days after Federal Bureau of Investigation Director Christopher Wray warned of Chinese-linked attempts to steal sensitive or valuable data. Speaking Tuesday at the Ronald Reagan Presidential Library, Mr. Wray highlighted last year’s hack of thousands of U.S. companies through certain versions of
Exchange email client, which is used by many businesses.
“The Chinese government steals staggering volumes of information and causes deep, job-destroying damage across a range of industries—so much so that, as you heard, we’re constantly opening new cases to counter their intelligence operations, about every 12 hours or so,” he said.
The Biden administration has ordered federal agencies to more aggressively vet their vendors and has urged companies to do the same as they shore up their internal defenses. Suppliers are appealing targets because they often have poorly understood connections to other businesses, cybersecurity experts say, raising the possibility that a single hack can wreak widespread havoc.
In December 2020, several federal agencies discovered that a suspected Russian espionage operation broke into their computer systems through a compromised software update from network-management firm
Criminal hackers breached software provider Kaseya Ltd. last summer, exposing hundreds of its clients to potential ransomware attacks. SolarWinds and Kaseya said they worked with U.S. officials and customers to respond to the respective breaches.
Write to David Uberti at [email protected]
Corrections & Amplifications
News Corp said in a securities filing that third-party technology systems used by the company were targeted in a cyber attack. An earlier version of this article incorrectly said hackers entered the company’s computer systems through third-party technology providers.
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8