China-linked hackers target News Corp journos, tech suppliers

News Corp said late last week that the media giant was hit by hackers who gained access to employees’ emails and stole company data in an attack that the firm’s cybersecurity consultant said could likely be traced back to China.

The “persistent cyberattack activity” was discovered last month, and News Corp-owned Wall Street Journal reported that emails and documents of employees including journalists were targeted. The Journal cited people who reported that the intrusions appear to date back to February 2020, impacting not only scores of News Corp staff, but also the media juggernaut’s third-party technology suppliers, according to a company securities filing last Friday.

News Corp told US market regulator Securities Exchange Commission in a filing that the “company’s preliminary analysis indicates that foreign government involvement may be associated with this activity, and that data was taken.”

The filing went on to point out that News Corp “relies on third-party providers for certain technology and ‘cloud-based’ systems and services that support a variety of business operations.” It is the latest major entity to report a digital breach, with targets ranging from hospitals to farming collectives and government agencies hit by hacks and cyberextortion.

This ongoing threat is the latest incident of criminal or state-backed hackers invading an organization’s internal systems for intelligence-gathering purposes, particularly the media, and reaching their targets via the somewhat tenuous connections established with third-party software and technology providers.

In an email to its workers, News Corp said that customer and financial data had not been exposed in the breach. “In addition, we have not experienced related interruptions to our business operations,” Chief Technology Officer David Kline and Chief Information Security Officer Billy O’Brien wrote in the email. “Based on our investigation to date, we believe the threat activity is contained.”

The attackers did manage to break into reporters’ emails and data stored in cloud-based services like Google Docs, including drafts of articles. “Our preliminary analysis indicates that foreign government involvement may be associated with this activity, and that some data was taken,” the email said. “Our highest concern is the protection of our employees, including our journalists, and their sources.”

Cybersecurity firm Mandiant, who are helping to investigate the systems, said in a statement that “those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests.”

Washington has suspected for years that China is conducting cyberattacks against US companies, organizations or government agencies – accusations that Beijing vigorously denies. While state-backed Russian hacks tend to get more headlines, FBI director Christopher Wray mentioned in a speech last week that the bureau opens investigations tied to suspected Chinese espionage operations about every 12 hours – and that Chinese hackers have been quietly stealing organization and personal data for years now, ever since the prevalence of the internet and digital data have taken firm root.

Over 2,000 FBI investigations “are focused on the Chinese government trying to steal our information or technology,” the agency’s director said last week. He also noted that Chinese government hackers have been pilfering more personal and corporate data than all other countries combined.

In particular, the United States has accused China of being responsible for the massive hack that targeted Microsoft’s Exchange email services in March 2021. Beijing has denounced the allegations as baseless.

 

 

 

 

 

With additional reporting from © Agence France-Presse