Publishing giant News Corp revealed that attackers behind a breach disclosed in January 2022 had persistent access to part of its internal system for over two years.
In a letter sent to employees last week, the company said attackers had gained access to a business and document storage system used by several News Corp businesses and obtained employees' personal and health information.
The attack affected multiple publications and business units of the media giant, including The Wall Street Journal, the New York Post and its U.K. news operations.
According to the letter, the affected employees' information may have included names, dates of birth, Social Security numbers, passport numbers, driver's license numbers, financial account information, medical information and health insurance information.
A News Corp spokesperson did not tell SC Media how many employees were impacted but said it is "a limited number."
Two-year dwell time
While News Corp's admission that hackers were on its network for two years is uncommon, Connie Stack, data protection advisor and CEO of data loss protection firm Next DLP, said many organizations face challenges identifying breaches in a timely manner.
Indeed, according to IBM's 2022 Data Breach Report, organizations took an average of 277 days—about nine months—to identify and contain a breach.
"The number one reason cyber-intrusions get missed is alert fatigue. Alert fatigue happens when security and risk professionals are exposed to a large and frequent number of alerts and ultimately become desensitized to them. This desensitization can lead to longer dwell times or worse, missing important alerts altogether," Stack said.
Javvad Malik, lead awareness advocate at KnowBe4, echoed Stack, adding that businesses need a layered approach to enhance detection, including locking down workstations, limiting traffic to sensitive areas, and using honeypots or honey tokens.
"Fewer alerts will be generated in this way, but they will be of much greater value in identifying an attacker," Malik said.
Hackers waited, looked and lurked
The News Corp spokesperson added that based on last year's investigation, the company believes the breach was an intelligence collection effort and was not focused on exploiting personal data.
The company notified law enforcement and hired the cybersecurity firm Mandiant to help with the investigation after the attack was initially discovered on Jan. 20, 2022. At the time, Mandiant said the attack had a China nexus and may be connected to espionage activities, while a spokesperson for the Chinese Embassy in Washington told The Wall Street Journal that he declined the "allegations based on speculations."
SC Media followed up with Mandiant on the latest investigation progress today. Mandiant said it confirms the validity of the previous statement that the attack was connected to Chinese threat actors and has nothing further to add.