Suspected Chinese spies break into cloud accounts of News Corp journalists – The Register

Online work accounts of News Corporation journalists were broken into by snoops seemingly with ties to China, it was claimed today.

Rupert Murdoch’s empire announced the security breach on Friday, describing it as a “persistent cyber-attack,” and saying it had hired Mandiant to figure out what happened. It is believed the intruders were seeking messages, files and other internal information for Beijing’s spymasters.

The intrusion was discovered on January 20, the corporation’s flagship British newspaper The Times reported this afternoon. The cyber-attack “included the targeting of emails and documents of some employees, including journalists,” wrote defense editor Larisa Brown.

Murdoch’s Wall Street Journal also said [paywall] it was targeted along with its stablemate the New York Post and other publications.

In a quarterly financial filing [PDF, 321 pages], submitted to the SEC and dated February 4, News corp stated:

What cloud-based systems could News Corp be referring to here, precisely? Well, we’re not going to speculate but doubtless some readers will notice that the corporation appears to use Google for email, at least. MX records for the aforementioned newspapers’ domain names point to the backend servers of Google Workspace, the internet monolith’s productivity suite that includes Gmail.

We have asked Google for comment and will update this article if the ad-tech titan responds.

David Wong, a veep of consulting at Mandiant, said in a statement: “Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests.”

No further detail on whether the intrusions were state-sponsored, state-directed, or merely originated from Chinese servers was given by News Corp. Neither was any detail given on whether the attacks defeated security protections on a cloud provider’s servers or whether luckless journalists had their work or personal devices or accounts individually compromised, giving the attackers direct access to email and file-hosting accounts and.

Along with the intrusion, News Corp also announced a $56m share buyback program today in a filing with the SEC. ®

Bootnote

Last year a fake email was sent around announcing the chairman of Parliament’s foreign affairs committee had resigned, citing Chinese sanctions as the reason. In fact Tom Tugendhat MP had done no such thing.