Outlets reportedly targeted include The Times and Sun in the UK, and the WSJ, New York Post and Dow Jones in the US.
“Our preliminary analysis indicates that foreign government involvement may be associated with this activity, and that some data was taken,” said an internal memo, which had been seen by Bloomberg News.
“We will not tolerate attacks on our journalism, nor will we be deterred from our reporting, which provides readers everywhere with the news that matters,” the memo said.
Cybersecurity firm Mandiant said the breach was discovered in January but appears to date back to February 2020, according to WSJ sources.
David Wong, the firm’s vice-president of incident response, told WSJ: “Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests.”
A spokesperson for the Chinese Embassy in Washington said that China “firmly opposes and combats cyberattacks and cyber theft in all forms.”
He added: “We hope that there can be a professional, responsible and evidence-based approach to identifying cyber-related incidents, rather than making allegations based on speculations.”
News Corp said customer and financial data appeared to not have been affected, and that company operations were not interrupted.
On Friday, News Corp told the Securities and Exchange Commission that a cloud service used by the company had been the “target of persistent cyberattack activity” and that it was “remediating the issue, and to date has not experienced any related interruptions to its business operations or systems.”
Keep up-to-date with publishing news: sign up here for InPubWeekly, our free weekly e-newsletter.