A cyberattack has struck media company News Corp., compromising the emails of journalists.

The attack was detected on Jan. 20 and affected News Corp. publications and business units, including The Wall Street Journal and its parent company Dow Jones, the New York Post, News U.K. and News Corp. headquarters.

The form of the attack was not disclosed. News Corp. only said that it believes a foreign government was involved in the hack and that some data was taken. “Our highest concern is the protection of our employees, including our journalists and their sources,” the company said in an email to staff, before adding that the “threat activity is contained.”

In a Feb. 4 Form 10-Q filing with the U.S. Securities and Exchange Commission, the company said it had hired an outside cybersecurity firm and it was undertaking an investigation into the circumstances of the activity to determine its nature, scope, duration and impacts. The SEC statement added that its systems housing customer and financial data were not affected.

Mandiant Inc. is the outside cybersecurity firm hired by News Corp. and it’s already pointing the finger at China. David Wong, vice-president of consulting at Mandiant, said the hackers were believed to have “a China nexus” and “we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests.”

“It is common for politically motivated cybercriminals to mine reporters’ materials for intelligence as they often speak to confidential sources and gather important information on world events,” Paul Farrington, chief product officer at file protection company Glasswall Solutions Ltd., told SiliconANGLE this weekend.

“As the ‘weaponization’ of information technology escalates at an alarming rate, organizations must significantly improve their ability to proactively identify and defend against attacks, irrespective of their source and motivation,” Farrington added. “Failure to do so will leave more organizations at even greater risk of disruption and damage, tactically outmatched by adversaries who are relying on the weaknesses inherent in many of today’s IT networks for their success.”

Tim Erlin, vice president of strategy at cybersecurity and compliance solutions firm Tripwire Inc., commented that “it’s time to remind ourselves that there is always more information to be discovered after the initial disclosure of a cyber attack like this one. We should expect that the information shared today isn’t the full story.”

“Cyberattack attribution is extremely difficult, and while the casual reader may draw the conclusion here that China is responsible (which may be true), it’s worth noting the language that Mandiant uses,” Erlin explained. “The statement does not go as far as pointing to the Chinese government directly. The term ‘China nexus’ and the phrase ‘benefit China’s interests’ are both ways of softening the conclusion. In these types of reports, language matters.”

Image: News Corp.