News Corp outfoxed by IT intruders for years

2023-02-28 08:31

The miscreants who infiltrated News Corporation's corporate IT network spent two years in the media monolith's system before being detected early last year.

The super-corp, which owns The Wall Street Journal, New York Post, UK publications including The Sunday Times, and a broad array of other entities around the world, first reported the intrusion in February 2022, saying the snoops got into email accounts and gained access to employees' data and business documents.

In the letter, which was first published by Bleeping Computer, News Corp execs told staff the attack "Does not appear to be focused on exploiting personal information." Executives added that they hadn't been alerted to any incidents of identity theft nor fraud connected to the security breach.

News Corp is giving affected workers free identity protection and credit monitoring for two years through Experian's IdentityWorks program, which also includes identity restoration in case of fraud and $1 million in identity theft insurance.

The attack highlights the issue of "Dwell time" - the amount of time miscreants spend within a company's IT environment before they're uncovered.

"Unlike a DDoS, SQL injection, or other attacks that tend to be either obvious or more easily detected, an APT could go on for months or years without being noticed," Tiquet told The Register.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/02/28/news_corp_dwell_time_breach/