On Friday, Rupert Murdoch’s media empire News Corp disclosed that hackers, suspected to be Chinese, broke into some of its systems and that “data was taken,” according to a securities filing.
News Corp said that the company discovered that it had been “the target of persistent cyberattack activity” in January of this year, and that it’s conducting an investigation. The preliminary results of the investigation, the filing continued, indicated “that foreign government involvement may be associated with this activity.”
As reported in several news articles, News Corp hired cybersecurity firm Mandiant to assist in the investigation. Mandiant believes the hackers’ goal was to support the Chinese government’s espionage operations.
The company informed all employees in a letter sent via email on Friday and signed by executive vice president of technology and CTO David Kline and chief information security officer Billy O’Brien, according to a copy of the letter obtained by Motherboard.
In the letter, Kline and O’Brien detail what the company knows so far, including the fact that it believes the hackers stole some data, and that, according to Mandiant’s assessment, they are linked to China. The letter also said the company will not be “deterred from our reporting.”
Do you have any information about this hack or News Corp’s response to it? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email firstname.lastname@example.org
The letter also made it clear that the company decided to disclose the attack because it believed “it is important that other media organizations be made aware of this threat in order to take appropriate precautions.”
“We are providing technical details of the attack to the Media Information Sharing and Analysis Organization,” the letter added, referring to an industry cybersecurity information sharing group.
Here’s the full letter:
A NOTE FROM DAVID KLINE
Cyberattacks from China on global businesses are all too frequent in today’s connected environment, as FBI Director Christopher Wray reminded us earlier this week, when he spoke of China’s “massive, sophisticated hacking program that is bigger than those of every other major nation combined.” While News Corp has protections in place, we appear to have been the target of persistent nation-state attack activity that affected a limited number of our employees. Even though the vast majority of our people’s emails and documents were not the target of this attack activity, we take seriously any attack on our organization and our employees, including our journalists.
On January 20th, News Corp discovered attack activity on a system used by several of our business units. As soon as we discovered the activity, we notified U.S. law enforcement and launched an investigation with the assistance of Mandiant—a leading cybersecurity firm. As part of our efforts, we promptly took steps to contain the activity and our investigation to date indicates that the systems housing customer and financial data were not affected. In addition, we have not experienced related interruptions to our business operations. Based on our investigation to date, we believe the threat activity is contained.
Although we are in the early stages of our investigation, we believe the activity affected a limited number of business email accounts and documents from News Corp headquarters, News Technology Services, Dow Jones, News UK, and New York Post. Our preliminary analysis indicates that foreign government involvement may be associated with this activity, and that some data was taken. Mandiant assesses that those behind this activity have a China nexus and believes they are likely involved in espionage activities to collect intelligence to benefit China’s interests.
Our highest concern is the protection of our employees, including our journalists, and their sources. We are working closely with the leadership teams of the affected businesses to inform those employees whose accounts were impacted and help them take appropriate measures. As an employee, if you are not contacted directly about this activity, we do not believe your account was targeted. To our knowledge, this activity was not targeted at our other business units, including HarperCollins Publishers, Move, News Corp Australia, Foxtel, REA, and Storyful.
We will not tolerate attacks on our journalism, nor will we be deterred from our reporting, which provides readers everywhere with the news that matters. We believe it is important that other media organizations be made aware of this threat in order to take appropriate precautions, and we are providing technical details of the attack to the Media Information Sharing and Analysis Organization.
We are continuing to work through the investigation. If you have pressing questions, please speak with your manager. We also encourage you to review the cyber-secure guidance we have shared previously.
Thank you for the critically important work you do every day to serve our readers, viewers, and customers.