Cover Feature
Chinese interests allegedly behind news corp cyberattack UPDATE
C
hina-based hackers have successfully accessed business email accounts and documents used by News Corp journalists at News Technology Services, Dow Jones, News UK, and the New York Post. The global media organisation confirmed the cyberattack in an SEC filing. The intrusion was discovered on January 20, 2022. However, the attack is reported to date back to early 2020 and targeted scores of journalists and other employees. “The company’s preliminary analysis indicates that foreign government involvement may be associated with this activity and that data was taken, the SEC filing said. The cybersecurity company News Corp brought in to investigate the attack went further. David Wong, vice president of incident response at Mandiant, said, “Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests.” News Corp says its systems holding customer and financial data were unaffected. The attackers did not target other News Corp business units that include News Corp Australia, Foxtel, and REA. In its SEC filing, News Corp said it uses third-party providers for some technology and cloud-based systems and services to support its business operations. It was there they found the intrusion. “The Company is conducting an investigation into the circumstances of the activity to determine its nature, scope, duration and impacts,” the SEC filing noted “The company is remediating the issue, and to date has not experienced any related interruptions to its business operations or systems. Based on its investigation to date,
24 | Australian Cyber Security Magazine
the company believes the activity is contained.” One of the high-profile media brands targeted, The Wall Street Journal (WSJ), has a fraught recent history with the Chinese Government. In early 2020, Beijing cancelled the credentials of three Beijing-based WSJ journalists after the Government took issue with an opinion piece published by the newspaper. WSJ journalists were among multiple journalists working for US media organisation later forced to leave China. The Chinese Government later allowed some journalists to return. “Groups associated with the Chinese gov have long been accused of targeting journalists – often those that report on human rights,” says Toby Lewis, Global Head of Threat Analysis at Darktrace. “However, from my experience, when attacks against media corporations are purely for espionage purposes, the real target is not the journalist but their in-country sources.” Lewis says media organisations can expect to be under continual low and slow attacks from threat actors keen to access high quality and reliable information. He says the attackers are agile, switching from one attack method to another if the first proves unsuccessful. “The problem is the methods used by these groups are always changing. Traditional defences that have been used by many media corporations, newspapers, online magazines and broadcasters for the last 20 years can only stop known attacks – attack techniques that have been seen before,” Lewis adds. The Chinese Embassy in Washington has denied knowledge of the cyberattack and called for a considered investigation instead of “allegations based on speculations.”