China Infiltrates News Corp with Business Email Compromise

An email to internal staff of News Corp (parent to 21st Century Fox, The Wall Street Journal, New York Post and others) cited a “foreign government” as responsible for the “persistent nation-state attack” and confirmed that “some data” was stolen, according to published reports. That foreign government is once again believed to be China (the same foreign government with de facto control of the company that owns your teenager’s TikTok account, but that is another story).

This week, reports revealed that a security incident at the media company on Jan. 20  involved an attack on journalists’ email accounts that gave the intruders access to sensitive data. The breach at this point seems to be limited to several individuals working for The News in the UK, the Wall Street Journal and the New York Post, but investigation continues. The incident has raised concerns over the safety of confidential sources working with the compromised journalists.

News Corp engaged with Mandiant to assess the extent of compromise. “Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests,” said David Wong, vice president of consulting at Mandiant in a statement this week to Threat Post.

Further statements from the industry included: 

“Journalists can have access to sources and intelligence about adversaries and other opponents of the Chinese regime, both foreign and domestic, or can be researching stories that could generate negative publicity for the Chinese government,”

  — Mike McLellan, director of intelligence, Secureworks Counter Threat Unit

“It’s common for politically motivated cybercriminals to mine reporters’ materials for intelligence, given their frequent conversations with confidential sources that have access to information about current and future geopolitical events.” 

  —  Paul Farrington, chief product officer, Glasswall

China has targeted journalists before. In 2013, they did the same thing to journalists at the New York Times.

Business Email Compromise

The details of the attack have not been made public, but reports indicate that this attack took the form of a Business Email Compromise (BEC) campaign.  BEC is a specialized form of spearphishing that combines aspects of social engineering and spoofed email (or voice) communication from trusted business associates.   Frequently the object of a spearphishing campaign is financials, but getting targets to disclose confidential information is also in the mix.


Education of your staff is key to prevent the success of BEC campaigns:

  • Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, links to family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
  • Don’t click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
  • Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
  • Be careful what you download. Never open an email attachment from someone you don’t know, and be wary of email attachments forwarded to you.
  • Verify payment and purchase requests in person if possible or by calling the person to make sure it is legitimate. You should verify any change in account number or payment procedures with the person making the request.
  • If the requestor is asking for information, contact that person through a different communication channel to make sure the request is genuine.
  • Be especially wary if the requestor is pressing you to act quickly.

Contact Alaris ( to get an internal training system in place for your staff before you fall victim.

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

Subscribe To Our Newsletter

Get updates on Cyber Defense

Turning Compliance Into Tangible Security

Fortify Your Business Today