Cyber Incident Victim: News Corporation
Date:
Jan 2022
Location:
United States of America
Summary
News Corp suffered a cyberattack by a foreign nation-state actor, assessed to have ties to China, involving persistent intrusion that led to data exfiltration from employee emails and documents. The breach, discovered during an investigation with cybersecurity firm Mandiant, targeted journalistic assets but did not compromise customer or financial data; the company contained the incident, attributing it to espionage activities benefiting Chinese interests.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
News Corp discovered a cyberattack targeting one of its systems in January 2022, later disclosing the incident through a February 4 SEC filing. The media conglomerate characterized the activity as "persistent" nation-state attacks potentially linked to a foreign government, with Mandiant's investigation attributing the operation to threat actors having a China nexus likely engaged in espionage to benefit Chinese interests. The breach impacted major subsidiaries including The Wall Street Journal, New York Post, and News UK, compromising employee emails and documents—particularly affecting journalists—though systems containing customer or financial data reportedly remained unaffected. News Corp engaged Mandiant to determine the attack's nature, scope, duration, and impacts, noting data exfiltration occurred but business operations experienced no disruptions. Preliminary findings indicated the activity was contained by the disclosure date, though the company acknowledged inability to estimate investigation and remediation costs at that stage. The breach disclosure method via SEC filing rather than direct public notification drew attention for its low-profile approach despite involving high-profile news entities.
News Corp initiated remediation efforts immediately upon discovery while emphasizing ongoing vulnerabilities in its network infrastructure and third-party cloud systems. The company warned that cyber risk insurance might prove insufficient to cover breach-related losses, citing increased difficulty and expense in obtaining comprehensive coverage. Its SEC filing outlined broader cybersecurity challenges, including heightened risks from expanded remote work during the COVID-19 pandemic and sophisticated, evolving attack methodologies that could circumvent existing defenses. While asserting no operational interruptions occurred, News Corp acknowledged potential future material impacts from similar incidents, including regulatory actions, lawsuits, reputational damage, and costs associated with system hardening. The filing specifically noted concerns about persistent threats requiring extended detection timelines and vulnerabilities in disaster recovery planning against advanced attacks. Mandiant's assessment of Chinese espionage alignment marked one of the few publicly attributed nation-state breaches against a major US media organization during this period, though News Corp avoided naming specific threat groups in its official statements.