Dozens of journalists at the News Corp-owned Wall Street Journal were targeted in the hack, which appeared to focus on reporters and editors covering China-related issues, two people familiar with the matter told CNN.
Cybersecurity firm Mandiant (MNDT), which News Corp (NWS) hired to investigate the breach, believes the hackers are “likely involved in espionage activities to collect intelligence to benefit China’s interests,” said David Wong, vice president of consulting at Mandiant.
The intrusion, which appeared to date to at least February 2020, compromised email accounts and Google Drive documents used by certain Wall Street Journal journalists, one of the people familiar with the investigation said. The Wall Street Journal first reported on the timeline of the hack.
Journalists are frequent targets of various state-backed hackers in search of intelligence on governments and corporations. For this reason, many journalists do not mention sensitive information over email.
Wall Street Journal management held a series of briefings on Thursday with the journalists affected by the hack, the two sources familiar with the investigation said. Journal staff are going through forensic data to determine what information was taken from individual journalists, one of those people said.
The Chinese Embassy in Washington did not immediately respond to a request for comment. China regularly denies conducting hacking operations.
FBI Director Christopher Wray this week accused China of having a “massive, sophisticated hacking program that is bigger than those of every other major nation combined.”
News Corp spokesperson James Kennedy declined to comment on how many journalists were affected or other undisclosed details of the investigation.
Kennedy instead shared an email that News Corp’s security team sent to employees on Friday that said the hack affected “a limited number of business email accounts and documents” from News Corp headquarters, as well as News Corp properties such as Dow Jones and The New York Post.
“Our highest concern is the protection of our employees, including our journalists, and their sources,” the email says, adding that investigators think the hack has been contained.
The incident did not appear to affect systems holding customer and financial data, News Corp said in a filing with the Securities and Exchange Commission.
Runa Sandvik, former senior director for information security at The New York Times, said the goal in defending organizations, including news networks, against advanced hackers should be limiting the systems the hackers access and the amount of time they have access to them.
“Over the years, media organizations have definitely put more focus on security within their company, including for newsrooms specifically,” Sandvik, who is a cybersecurity consultant for Radio Free Europe and other media outlets, told CNN. “I think there absolutely is room for improvement.”
News Corp said it would share information about the hack with other news organizations so they can protect themselves.
Journalists have had to contend with hacking threats for years.
Nearly a decade ago, suspected Chinese hackers infiltrated computer systems at The New York Times as journalists at the paper were concluding an investigation into the wealth of relatives of then-Chinese premier Wen Jiabao, The Times reported then.
CNN’s Alex Marquardt contributed reporting.