Do you have any information about this hack or News Corp’s response to it? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email lorenzofb@vice.com
Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.A NOTE FROM DAVID KLINE
Dear Colleagues,
Cyberattacks from China on global businesses are all too frequent in today’s connected environment, as FBI Director Christopher Wray reminded us earlier this week, when he spoke of China’s “massive, sophisticated hacking program that is bigger than those of every other major nation combined.” While News Corp has protections in place, we appear to have been the target of persistent nation-state attack activity that affected a limited number of our employees. Even though the vast majority of our people’s emails and documents were not the target of this attack activity, we take seriously any attack on our organization and our employees, including our journalists.
On January 20th, News Corp discovered attack activity on a system used by several of our business units. As soon as we discovered the activity, we notified U.S. law enforcement and launched an investigation with the assistance of Mandiant—a leading cybersecurity firm. As part of our efforts, we promptly took steps to contain the activity and our investigation to date indicates that the systems housing customer and financial data were not affected. In addition, we have not experienced related interruptions to our business operations. Based on our investigation to date, we believe the threat activity is contained.
Although we are in the early stages of our investigation, we believe the activity affected a limited number of business email accounts and documents from News Corp headquarters, News Technology Services, Dow Jones, News UK, and New York Post. Our preliminary analysis indicates that foreign government involvement may be associated with this activity, and that some data was taken. Mandiant assesses that those behind this activity have a China nexus and believes they are likely involved in espionage activities to collect intelligence to benefit China’s interests.
Our highest concern is the protection of our employees, including our journalists, and their sources. We are working closely with the leadership teams of the affected businesses to inform those employees whose accounts were impacted and help them take appropriate measures. As an employee, if you are not contacted directly about this activity, we do not believe your account was targeted. To our knowledge, this activity was not targeted at our other business units, including HarperCollins Publishers, Move, News Corp Australia, Foxtel, REA, and Storyful.
We will not tolerate attacks on our journalism, nor will we be deterred from our reporting, which provides readers everywhere with the news that matters. We believe it is important that other media organizations be made aware of this threat in order to take appropriate precautions, and we are providing technical details of the attack to the Media Information Sharing and Analysis Organization.
We are continuing to work through the investigation. If you have pressing questions, please speak with your manager. We also encourage you to review the cyber-secure guidance we have shared previously.
Thank you for the critically important work you do every day to serve our readers, viewers, and customers.