News Corp says hackers first breached its systems between Feb 2020 and Jan 2022

The investigation conducted by News Corporation (News Corp) revealed that attackers remained on its network for two years.

In February 2022, the American media and publishing giant News Corp revealed it was the victim of a cyber attack from an advanced persistent threat actor that took place in January 2022.

The attackers compromised one of the company systems and had access to the emails and documents of some employees.

Initial investigation into the hack revealed that the attack was carried out by a nation-state actor for cyber espionage purposes. News Corp has hired cybersecurity and incident response firm Mandiant, to assist with the investigation. Mandiant researchers speculate the attack was conducted by a China-linked APT group.

“Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests,” David Wong, vice president of consulting at Mandiant, told Reuters.

News Corp-owned WSJ reported that the attack affected a major portion of the new conglomerate, including The Wall Street Journal and New York Post.

Now News Corp revealed that the threat actor behind the security breach first gained a foothold in the company infrastructure in February 2020.

“On January 20, 2022, News Corp discovered cyberattack activity on a business email and document storage system used by several News Corp businesses. As soon as we became aware of the activity, we notified U.S. law enforcement and launched an investigation with the assistance of a leading cybersecurity firm. Based on the investigation, News Corp understands that, between February 2020 and January 2022, an unauthorized party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information.” reads the data breach notification letters sent to employees and published by BleepingComputer. “Our investigation indicates that this activity does not appear to be focused on exploiting personal information.”

The company added that they are not aware of reports of identity theft or fraud in connection with the security breach.

Exposed data include name, date of birth, Social Security number, driver’s license number, passport number, financial account information, medical information, and health insurance information. Not all of this information was impacted for each affected individual.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, News Corporation)