
Suspected Chinese spies break into cloud accounts of News Corp journalists

Read all about it – Beijing probably already has

Online work accounts of News Corporation journalists were broken into by snoops seemingly with ties to China, it was claimed today.

Rupert Murdoch's empire announced the security breach on Friday, describing it as a "persistent cyber-attack," and saying it had hired Mandiant to figure out what happened. It is believed the intruders were seeking messages, files and other internal information for Beijing's spymasters.

The intrusion was discovered on January 20, the corporation's flagship British newspaper The Times reported this afternoon. The cyber-attack "included the targeting of emails and documents of some employees, including journalists," wrote defense editor Larisa Brown.

Murdoch's Wall Street Journal also said [paywall] it was targeted along with its stablemate the New York Post and other publications.

In a quarterly financial filing [PDF, 321 pages], submitted to the SEC and dated February 4, News Corp stated:

The company ... relies on third-party providers for certain technology and 'cloud-based' systems and services that support a variety of business operations. In January 2022, the company discovered that one of these systems was the target of persistent cyberattack activity. Together with an outside cybersecurity firm, the company is conducting an investigation into the circumstances of the activity to determine its nature, scope, duration and impacts. The company’s preliminary analysis indicates that foreign government involvement may be associated with this activity, and that data was taken. To the company’s knowledge, its systems housing customer and financial data were not affected.

What cloud-based systems could News Corp be referring to here, precisely? Well, we're not going to speculate but doubtless some readers will notice that the corporation appears to use Google for email, at least. MX records for the aforementioned newspapers' domain names point to the backend servers of Google Workspace, the internet monolith's productivity suite that includes Gmail.

We have asked Google for comment and will update this article if the ad-tech titan responds.

David Wong, a veep of consulting at Mandiant, said in a statement: "Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China's interests."

No further detail on whether the intrusions were state-sponsored, state-directed, or merely originated from Chinese servers was given by News Corp. Neither was any detail given on whether the attacks defeated security protections on a cloud provider's servers or whether luckless journalists had their work or personal devices or accounts individually compromised, giving the attackers direct access to email and file-hosting accounts and.

Along with the intrusion, News Corp also announced a $56m share buyback program today in a filing with the SEC. ®


Last year a fake email was sent around announcing the chairman of Parliament's foreign affairs committee had resigned, citing Chinese sanctions as the reason. In fact Tom Tugendhat MP had done no such thing.
