Mandiant: News Corp Cyberattack Likely Tied to China

News Corp says it was targeted by a cyberattack that it believes had the goal of gathering intelligence to benefit China. The Wall Street Journal and New York Post are among News Corp’s publications.

News Corp disclosed the cyberattack in a Securities and Exchange Commission (SEC) filing. It discovered the attack last month.

“The company’s preliminary analysis indicates that foreign government involvement may be associated with this activity, and that data was taken,” it said.

News Corp said the hack didn’t affect customer and financial data.

“The company is remediating the issue, and to date has not experienced any related interruptions to its business operations or systems,” it said.

At this time, News Corp is unable to estimate the expenses it will incur in connection with its investigation and remediation efforts.

Mandiant Working with News Corp

News Corp hired Mandiant to look at the incident. David Wong is Mandiant‘s vice president of consulting.

Mandiant’s David Wong

“Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests.” he said.

According to the Wall Street Journal, the hack affected a number of publications and business units. That includes the Journal and its parent Dow Jones, the New York Post, the company’s U.K. news operation and its headquarters. The hack accessed emails and documents of some employees, including journalists.

Tim Erlin is vice president of strategy at Tripwire. He said the information shared by News Corp and Mandiant likely isn’t the full story.

Tripwire’s Tim Erlin

“Cyberattack attribution is extremely difficult, and while the casual reader may draw the conclusion here that China is responsible, which may be true, it’s worth noting the language that Mandiant uses,” he said. “The statement does not go as far as pointing to the Chinese government directly. The term ‘China nexus’ and the phrase ‘benefit China’s interests’ are both ways of softening the conclusion. In these types of reports, language matters.”

On its surface, this seems like the kind of incident the newly formed Cyber Safety Review Board might investigate, Erlin said. This might be a test of the effectiveness of that effort. However, given the international nature of News Corp, it will also test how that board addressed the inherently different borders that apply to cybersecurity.

Reporters’ Materials Mined for Intelligence

Paul Farrington is Glasswall‘s chief product officer.

“Cyber has joined land, sea and air to become the fourth conflict theater,” he said. “From a risk/reward perspective, it’s a theater of operations that offers a lot of advantages.”

Cybercriminals can carry out attacks with few or no repercussions, yet have devastating practical consequences, Farrington said.

“Attackers are not waging war or committing acts of aggression in the traditional sense,” he said. “And there are as yet few examples where attacks have caused human casualties. However, each incident adds to the underlying tension and suspicion that exists on the international stage.”

Politically motivated cybercriminals mine reporters’ materials for intelligence, Farrington said. That’s because reporters often speak to confidential sources and gather important information on world events.

“As the weaponization of information technology escalates at an alarming rate, organizations must significantly improve their ability to proactively identify and defend against attacks, irrespective of their source and motivation,” he said.