News Corp Hackers Hid Inside the Network for Two Years


This week, mass communications and publishing giant News Corp disclosed additional details about a three-year-old breach that came to light in 2022. The company revealed that the threat actors were inside its network for two years.

As first reported by BleepingComputer, which came across the Rupert Murdoch-headed media conglomerate’s letter to its employees, the hackers went undetected in the News Corp network and remained hidden for two years, between February 2020 and January 2022.

News Corp first discovered the breach, believed to have been conducted by China-based threat actors, in February 2022. At the time, the company incorrectly gauged that the attack occurred in January 2021.

News Corp disclosed in an SEC filing last year that the attack impacted News Corp headquarters, The Wall Street Journal, its parent company Dow Jones, the New York Post, and News Corp’s U.K.-based business, including News U.K., Times of London, and the Sun.

“It is astounding that News Corp has only discovered this highly important piece of information one year after the breach was first announced, and it puts employees at a much greater risk of financial fraud and identity theft,” Julia O’Toole, CEO of MyCena Security Solutions, told Spiceworks.

“Given that the attackers had two years of access before they were identified, this means they most likely got away with more information than was first realized, and with no one knowing it was stolen, they wouldn’t have been on high alert for potential attacks,” said O’Toole.

News Corp confirmed that employees’ personal information, including their names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account information, medical information, and health insurance information, was impacted.


“Detecting an intruder once they are inside an organization can be very difficult, especially if they have a long game in mind and move slowly,” Javvad Malik, lead awareness advocate at KnowBe4, told Spiceworks. “Most organizations are usually overwhelmed with alerts on a daily basis, and even with a large number of tools, it can be difficult to isolate actual intrusions.”

In February 2022, the cyber incident was assessed to have affected employees, including dozens of journalists, whose emails and article drafts were accessed. The hackers were also interested in News Corp journalists’ information on Taiwan, Uyghurs, the incumbent White House administration, President Joe Biden, the vice president, other officials, and other defense matters such as the U.S. military.

The threat actors also sought information about U.S. regulations concerning China, especially in technology matters. Some of the targeted journalists were also in close contact with people with sensitive information regarding China.

“Cyberattacks from China on global businesses are all too frequent in today’s connected environment,” Kline and O’Brien told News Corp employees in the email. “While News Corp has protections in place, we appear to have been the target of persistent nation-state attack activity that affected a limited number of our employees.”

According to News Corp’s letter to employees, those impacted can avail of one free annual credit report from each of the three nationwide consumer reporting agencies. The company is also offering free identity protection and credit monitoring services for 24 months.

O’Toole added, “The suspected groups behind cyber espionage campaigns will generally always use phishing to gain an initial foothold on an organization. Knowing it provides the greatest chance of success, they will target employees with realistic phishing emails in a bid to steal their user credentials, so they can access the corporate network, carry out reconnaissance, and steal data.”

“As a result, businesses must prioritize their defenses against this type of threat. The only way to achieve this is through encryption, where employee credentials are encrypted, meaning they never see them, know them, or have the ability to hand them over to criminals unwittingly.”

Malik concluded, “A layered approach to detection is needed. This includes locking down workstations, limiting traffic to sensitive areas, and using honeypots or honey tokens which will often provide fewer alerts, but they will be of much greater value in identifying an attacker.”
