News Corp says hackers first breached its systems between Feb 2020 and Jan 2022

The investigation conducted by News Corporation (News Corp) revealed that attackers remained on its network for two years.

In February 2022, the American media and publishing giant News Corp revealed it was the victim of a cyber attack from an advanced persistent threat actor that took place in January 2022.

The attackers compromised one of the company systems and had access to the emails and documents of some employees.

Initial investigation into the hack revealed that the attack was carried out by a nation-state actor for cyber espionage purposes. News Corp has hired cybersecurity and incident response firm Mandiant, to assist with the investigation. Mandiant researchers speculate the attack was conducted by a China-linked APT group.

“Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests,” David Wong, vice president of consulting at Mandiant, told Reuters.

News Corp-owned WSJ reported that the attack affected a major portion of the new conglomerate, including The Wall Street Journal and New York Post.

Now News Corp revealed that the threat actor behind the security breach first gained a foothold in the company infrastructure in February 2020.

“On January 20, 2022, News Corp discovered cyberattack activity on a business email and document storage system used by several News Corp businesses. As soon as we became aware of the activity, we notified U.S. law enforcement and launched an investigation with the assistance of a leading cybersecurity firm. Based on the investigation, News Corp understands that, between February 2020 and January 2022, an unauthorized party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information.” reads the data breach notification letters sent to employees and published by BleepingComputer. “Our investigation indicates that this activity does not appear to be focused on exploiting personal information.”

The company added that they are not aware of reports of identity theft or fraud in connection with the security breach.

Exposed data include name, date of birth, Social Security number, driver’s license number, passport number, financial account information, medical information, and health insurance information. Not all of this information was impacted for each affected individual.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, News Corporation)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.