A cybersecurity firm investigating the intrusion said Chinese intelligence-gathering was believed behind the operation.
The Journal, citing people briefed on the intrusion, reported that it appeared to date back to February 2020 and that scores of employees were impacted.
It quoted them as saying the hackers were able to access reporters' emails and Google Docs, including drafts of articles. News Corp discovered the breach on 20 January. Customer and financial data were so far not affected and company operations were not interrupted. But the potential impact on news reporting and sources was a serious concern.
News organisations are prime targets for the world's intelligence agencies because their reporters are in constant contact with sources of sensitive information. Quite why is anyone’s guess because most of the world’s media at the moment is only interested in quoting government, or establishment business sources and inane soundbites from the entertainment industry.
Mandiant, the cybersecurity firm examining the hack, said in a statement that it "assesses that those behind this activity have a China nexus [sounds painful. Ed] We believe they are likely involved in espionage activities to collect intelligence to benefit China's interests."
FBI Director Christopher Wray said in a speech this week that the bureau opens investigations tied to suspected Chinese espionage operations about every 12 hours, and has more than 2,000 such probes.
He said Chinese government hackers have been pilfering more personal and corporate data than all other countries combined. While state-backed Russian hacking tends to get more headlines, U.S. officials say China has been stealthily stealing far more valuable commercial and personal data over the past few decades as digital technology took hold.
CBS News reports that "preliminary findings point to a supply chain hack," since News Corp wrote in its report that they'd discovered one of the third-party providers supporting their technology and "cloud-based" systems "was the target of persistent cyberattack activity."