News Corp says hackers first breached its systems between Feb 2020 and Jan 2022

The
investigation
conducted
by
News
Corporation
(News
Corp)
revealed
that
attackers
remained
on
its
network
for
two
years.

In
February
2022,
the
American
media
and
publishing
giant
News
Corp


revealed
it
was
the
victim
of
a
cyber
attack
from
an
advanced
persistent
threat
actor
that
took
place
in
January
2022.

The
attackers compromised
one
of
the
company
systems
and
had
access
to
the
emails
and
documents
of
some
employees.

Initial
investigation
into
the
hack
revealed
that
the
attack
was
carried
out
by
a
nation-state
actor
for
cyber
espionage
purposes.
News
Corp
has
hired
cybersecurity
and
incident
response
firm
Mandiant, to
assist
with
the
investigation.
Mandiant
researchers
speculate
the
attack
was
conducted
by
a
China-linked
APT
group.

“Mandiant
assesses
that
those
behind
this
activity
have
a
China
nexus,
and
we
believe
they
are
likely
involved
in
espionage
activities
to
collect
intelligence
to
benefit
China’s
interests,” David
Wong,
vice
president
of
consulting
at
Mandiant,
told
Reuters.

News
Corp-owned
WSJ reported that
the
attack
affected
a
major
portion
of
the
new
conglomerate,
including The
Wall
Street
Journal
and
New
York
Post.

Now
News
Corp
revealed
that
the
threat
actor
behind
the
security
breach
first
gained
a
foothold
in
the
company
infrastructure
in
February
2020.

“On
January
20,
2022,
News
Corp
discovered
cyberattack
activity
on
a
business
email
and
document
storage
system
used
by
several
News
Corp
businesses.
As
soon
as
we
became
aware
of
the
activity,
we
notified
U.S.
law
enforcement
and
launched
an
investigation
with
the
assistance
of
a
leading
cybersecurity
firm.
Based
on
the
investigation,
News
Corp
understands
that,
between
February
2020
and
January
2022,
an
unauthorized
party
gained
access
to
certain
business
documents
and
emails
from
a
limited
number
of
its
personnel’s
accounts
in
the
affected
system,
some
of
which
contained
personal
information.”
reads

the
data
breach
notification
letters
sent
to
employees
and
published
by
BleepingComputer.
“Our
investigation
indicates
that
this
activity
does
not
appear
to
be
focused
on
exploiting
personal
information.”

The
company
added
that
they
are
not
aware
of
reports
of
identity
theft
or
fraud
in
connection
with
the
security
breach.

Exposed
data
include
name,
date
of
birth,
Social
Security
number,
driver’s
license
number,
passport
number,
financial
account
information,
medical
information,
and
health
insurance
information.
Not
all
of
this
information
was
impacted
for
each
affected
individual.

Follow
me
on
Twitter:


@securityaffairs
and


Facebook
and


Mastodon

Pierluigi Paganini

(SecurityAffairs –

hacking,
News
Corporation)

Share
On

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts