Rupert Murdoch’s News Corp, the publisher of The Sun, The Sunday Times and The Wall Street Journal, said it has been hacked, with data stolen from journalists and other employees.
The cyber security firm investigating the intrusion said Chinese intelligence-gathering is believed to be behind the operation, which also struck its News UK arm.
The Journal reported that the hacking appeared to date back to February 2020 and that scores of employees had been affected.
Hackers were said to have been able to access reporters’ emails and Google Docs, including drafts of articles.
News Corp, whose publications and businesses include the New York Post and Journal parent Dow Jones, said it discovered the breach on January 20.
It said customer and financial data were so far not affected and company operations were not interrupted.
The Winter Olympic Games #Beijing2022 are just a couple of days away. Mandiant's @criskittner spoke to @TJowitt about the #cybersecurity aspects for visitors and connected orgs to consider.
Read more from @SiliconGB. https://t.co/vfjrLHFSGC— Mandiant (@Mandiant) February 2, 2022
But the potential impact on news reporting and sources is a serious concern. News organisations are prime targets for the world’s intelligence agencies because their reporters are in constant contact with sources of sensitive information.
Journalists and newsrooms from Mexico and El Salvador to Qatar, where Al-Jazeera is based, have been hacked with powerful spyware.
Mandiant, the cyber security firm investigating the hack, said in a statement that it “assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests”.
The timing of News Corp’s announcement, including in a regulatory filing on Friday, coincided with the opening of the Winter Olympics in Beijing. Athletes and journalists at the Games have been advised to bring “burner” phones and sanitised laptops to protect against cyber espionage.
In the regulatory filing, News Corp said it had discovered in January that one of its technology providers was “the target of persistent cyberattack activity”, without elaborating.
In an email to staff, News Corp said the hack had “affected a limited number” of email accounts and documents from News Corp headquarters, News Technology Services, Dow Jones, News UK, and the New York Post.
“Our preliminary analysis indicates that foreign government involvement may be associated with this activity, and that some data was taken,” the email said.
“Our highest concern is the protection of our employees, including our journalists, and their sources,” it added, saying it believed the “threat activity is contained”.
FBI director Christopher Wray said in a speech this week that the bureau opens investigations tied to suspected Chinese espionage operations about every 12 hours, and has more than 2,000 such probes.
He said Chinese government hackers have been stealing more personal and corporate data than all other countries combined.
While state-backed Russian hacking tends to get more headlines, US officials say China has been stealthily stealing far more valuable commercial and personal data over the past few decades as digital technology took hold.
Major newsrooms, including The New York Times, where a Chinese cyber espionage operation was uncovered in 2013, have previously been compromised.
A spokesperson for the Chinese embassy in Washington did not explicitly deny Beijing’s involvement in the hack, but said in a statement on Friday evening that “China firmly opposes and combats cyber attacks and cyber theft in all forms”.
The reported onset of the News Corp hack – February 2020 – coincides with Beijing’s revocation of the press credentials of three Journal reporters based in the Chinese capital in what China’s foreign ministry said was punishment for an opinion piece the newspaper published.
News Corp’s assets also includes the publishing house HarperCollins, News Corp Australia and Storyful, which the email to employees said were apparently not targeted by the hackers.