News Corp, a multinational mass media corporation, said sensitive data was stolen from journalists and other employees in a cyberattack. The attack was likely conducted to gather intelligence to benefit China’s interests, News Corp says. 

Discovered on Jan. 20, the attack impacted several publications and business units, including The Wall Street Journal and its parents Dow Jones, the New York Post, the company’s U.K. news operation, and News Corp headquarters, according to a company email. 

News Corp notified law enforcement and hired Mandiant Inc., a cybersecurity firm, to help support an investigation into the attack. “Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests,” said David Wong, vice president of incident response at Mandiant.

A spokesman for the Chinese Embassy in Washington, Liu Pengyu, said that China is a staunch defender of cybersecurity and “firmly opposes and combats cyberattacks and cyber theft in all forms.” Mr. Pengyu noted that identifying the source of cyberattacks is technically complex. “We hope that there can be a professional, responsible and evidence-based approach to identifying cyber-related incidents, rather than making allegations based on speculations,” Mr. Liu said.

While the threat has been contained, News Corp says an initial investigation revealed data was taken. The intrusion appeared to data to at least February 2020; hackers accessed reporters’ emails and Google Docs, including drafts of articles. The preliminary investigation indicates that systems housing financial and customer data, including subscriber information, weren’t affected. 

Hackers appeared to be interested in a range of topics, including issues of importance to Beijing, such as Taiwan and China’s Uyghur ethnic group, draft Journal articles and notes about U.S. military troop activity, U.S. technology regulations related to China, and articles about President Joe Biden, Vice President Kamala Harris and senior White House officials. Journalists impacted by the breach have expressed concerns over the safety and privacy of their sources.

In a recent speech, FBI Director Christopher Wray said the bureau opens investigations tied to suspected Chinese espionage operations about every 12 hours, and has more than 2,000 probes. 

Groups associated with the Chinese government have long been accused of targeting journalists — often those that report on human rights. “However, from my experience, when attacks against media corps are purely for espionage purposes, the real target is not the journalist but their in-country sources,” says Toby Lewis, Global Head of Threat Analysis at Darktrace.

News Corp has referred to this as a “persistent” nation-state attack — a term used in the industry to describe attacks where hackers have very specific objectives, Lewis explains. “Targets will be hit by low and slow attacks, and if the attackers fail to gain access with one method, they will reattempt access until they are successful. The problem is that the methods used by these groups are always changing. Traditional defenses that many media corporations have used, newspapers, online magazines and broadcasters for the last 20 years can only stop known attacks and, at best, attack techniques that have been observed before.”

The reality is that media corporations will be under constant attack from the most sophisticated attackers every minute or every day. “Reliable and trustworthy sources of media and information are essential, and that is why we have seen an uptick in media organizations partnering with artificial intelligence to defend journalists and critical systems. The urgent challenge to be tackled is how to spot and stop novel attacks quickly before sensitive data gets into the wrong hands and before normal business operations are disrupted,” Lewis adds.