IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

China-backed hackers linked to News Corp cyber attack

Journalists at high-profile media organisations such as the Wall Street Journal and The Times were targeted in the attack linked to espionage activity

China has been accused of launching a cyber attack on a number of high-profile media organisations and journalists with the intent to steal data for the purposes of espionage. 

Rupert Murdoch's News Corp announced on Friday that its journalists had their emails hacked and information had been stolen. Well-known media organisations under the News Corp umbrella include Dow Jones' Wall Street Journal and Barrons, News UK's The Sun and The Times, the New York Post, Harper Collins Publishers, and the New York Post.

News Corp brought in cyber security firm Mandiant to perform an initial assessment of the attack which informed the corporation's disclosure in a filing with the US Securities and Exchange Commission (SEC). 

"Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China's interests," said David Wong, vice president, consulting at Mandiant to IT Pro

"In January 2022, the Company discovered that one of [its cloud-based] systems was the target of persistent cyber attack activity," News Corp said in the filing. "Together with an outside cyber security firm, the Company is conducting an investigation into the circumstances of the activity to determine its nature, scope, duration and impacts. The Company’s preliminary analysis indicates that foreign government involvement may be associated with this activity, and that data was taken."

News Corp also said its systems dedicated to housing customer and financial data were not affected and has not experienced and relate interruptions to its business operations or systems. The corporation believes the situation is now contained and said it is currently unable to determine the financial cost the attack and resultant investigation will incur.

"News Corp certainly isn't the first news organisation targeted in an espionage campaign and won't be the last," said Sam Curry, chief security officer, Cybereason to IT Pro. "Other high profile attacks against the New York Times and Associated Press have made headlines in the past and I'd suspect many other news organisations are being targeted on a daily basis. If there is a silver lining with this latest cyberattack, it appears to be that News Corp minimised the data loss."

Related Resource

Your journey to zero trust

What you wish you knew before you started

Image of speaker Dave Gruber in black and white with associated company logos along bottomWatch now

News Corp went on to say in the SEC filing that cyber attacks have been affecting businesses more frequently in recent years and that it "has experiences, and expects to contribute to be subject to, cyber security threats and activity. It said it can't make assurances that the China-linked January attack will not have a material adverse effect in the future and the countermeasures it implemented will prevent further attacks. 

"Groups associated with the Chinese government have long been accused of targeting journalists – often those that report on human rights," said Toby Lewis, head of threat analysis at Darktrace. "However, from my experience, when attacks against media corporations are purely for espionage purposes, the real target is not the journalist but their in-country sources.

Democracy under fire

The attack on News Corp is the latest in a long line of cyber attacks on news organisations and follows a year in which a large number of campaigns targeting journalists were uncovered. 

"The media and entertainment industry plays a vital role in forming public outlook and a national view, making it a significant target for cyberthreat actors, nation-states and hacktivists seeking visibility," said Atos in a 2021 report

"Nation-state-sponsored threat actors may try to exfiltrate or destruct such content to expose or discourage certain publications or merely to evaluate what the organisation knows about the issue and identify its sources."

First discovered in 2016, NSO Group's infamous Pegasus spyware continued to be used against journalists across the world, including those based in the United Arab Emirates, Egypt, and El Salvador, with the latter case prompting Apple to launch a lawsuit against the Israeli creator of the spyware.

Speaking at Black Hat Europe in November 2021, Stanford University’s Marietje Schaake criticised global governments for not introducing stronger regulations on state-backed cyber attackers. She said world leaders have "barley acted" on the issues and this inaction "effectively condones" attacks on democracy.

Google also made the decision in October 2021 to provide 10,000 high-risk Gmail users, such as journalists, with access to security keys and its Advanced Protection Program in the wake of high-profile attacks.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download


What is cyber warfare?

What is cyber warfare?

15 Oct 2021
Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Researchers demonstrate how to install malware on iPhone after it's switched off

Researchers demonstrate how to install malware on iPhone after it's switched off

18 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022