A company filing reported that hackers with suspected links to China targeted News Corp’s third-party technology suppliers.
News Corp said that the hack has accessed their emails and documents of journalists and other employees. The report of the break came days after Federal Bureau of Investigation Director Christopher Wray warned of Chinese-linked attempts to steal sensitive or valuable data.
In fact, over the past years, US officials have reported that it has been increasingly warning of criminal and nation-state hackers breaking into the computer systems of organizations through opaque supply chains for software and other technologies.
“relies on third-party providers for certain technology and ‘cloud-based’ systems and services that support a variety of business operations. In fact, one of these systems was the target of persistent cyberattack activity.”
A spokesman from News Corp declined to further comment.. In its email to staff, News Corp commented that computer systems housing consumer and financial data weren’t affected. Chief Technology Officer David Kline and Chief Information Security Officer Billy O’Brien wrote in the email:
“In addition, we have not experienced related interruptions to our business operations. Based on our investigation to date, we believe the threat activity is contained.”
On Friday, the WSJ clarified that the hackers had access to the company’s systems since at least February 2020, gaining full access to emails and Google Docs, including drafts of articles.
Runa Sandvik, a former senior director for information security at the New York Times, noted that gaining access to emails and documents could give hackers snapshots of reporters’ sources and plans for articles.
On Friday the company disclosed the hack to law-enforcement officials and is providing technical details of the attack to the Media and Entertainment Information Sharing and Analysis Center, a nonprofit organisation that shares security information among the media industry.
Chris Taylor, director of the ME-ISAC, said that hackers are sending countless phishing emails to many potential targets in the hope of landing a victim. He clarified that specified attacks are much scarier but they are way less frequent, because they require attackers to do more thorough research. Mandiant Inc., a cybersecurity company that specializes in investigating hacks, is helping News Corp answer to the incident. David Wong, Mandiant’s vice president of consulting, commented:
“Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests. China firmly opposes and combats cyber attacks and cyber theft in all forms,” a spokesman for the Chinese Embassy in Washington said in an email. “We hope that there can be a professional, responsible and evidence-based approach to identifying cyber-related incidents, rather than making allegations based on speculations.”
Moreover, the Biden administration has ordered federal agencies to more aggressively evaluate their vendors. They urged companies to do the same as they shore up their internal defenses.