Pierluigi Paganini February 04, 2022

American media and publishing giant News Corp revealed it was victim of a cyber attack from an advanced persistent threat actor.

American media and publishing giant News Corp revealed it was victim of a cyber attack from an advanced persistent threat actor that took place in January.

The attackers compromised one of the systems of the company and had access to emails and documents of some employees.

The news of the cyber attack made the headlines following a Securities & Exchange Commission (SEC) filing and was first reported by BleepingComputer. 

“In January 2022, the Company discovered that one of these systems was the target of persistent cyberattack activity. Together with an outside cybersecurity firm, the Company is conducting an investigation into the circumstances of the activity to determine its nature, scope, duration and impacts. The Company’s preliminary analysis indicates that foreign government involvement may be associated with this activity, and that data was taken. To the Company’s knowledge, its systems housing customer and financial data were not affected.” reads the SEC filing“The Company is remediating the issue, and to date has not experienced any related interruptions to its business operations or systems. Based on its investigation to date, the Company believes the activity is contained. At this time, the Company is unable to estimate the expenses it will incur in connection with its investigation and remediation efforts.”

Initial investigation into the hack revealed that the attack was carried out by a nation-state actor for cyber espionage purposes. News Corp has hired cybersecurity and incident response firm Mandiant, to assist with the investigation. Mandiant researchers speculate the attack was conducted by a China-linked APT group.

“Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests,” David Wong, vice president of consulting at Mandiant, told Reuters.

News Corp-owned WSJ reported that the attack affected major portion of the new conglomerate, including The Wall Street Journal and New York Post.

The Reuters also reported the content of a letter sent by the company to its employees:

“Although we are in the early stages of our investigation, we believe the activity affected a limited number of business email accounts and documents from News Corp headquarters, News Technology Services, Dow Jones, News UK, and New York Post,” “Our preliminary analysis indicates that foreign government involvement may be associated with this activity, and that some data was taken.”

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, News Corp)

[adrotate banner=”5″]

[adrotate banner=”13″]