The New York Times reports that its internal network was attacked by Chinese hackers over the last four months. The e-mail accounts of several reporters who worked on a story critical of the family of Chinese prime minister Wen Jiabao were infiltrated, and the passwords of every single New York Times employee were stolen. However, there is no evidence that information about sources for the stories on the Wen family was obtained, Times Executive Editor Jill Abramson said.

The Times also reports that no customer data was stolen. Security experts from Mandiant were brought in to deal with the breach and have told the media company that the attack was consistent with others undertaken by hackers associated with the Chinese military against government contractors and other media companies.

The New York Times had been on guard against cyber attacks after the Chinese government told them there would be "consequences" for reporting on the Wen family. But while the company was informed by AT&T of suspicious activity over its network connection on October 25—the day the Wen story was published—the attack had begun weeks earlier and appears to have been focused on getting into the e-mail accounts of Times Shanghai Bureau Chief David Barboza and South Asia Bureau Chief Jim Yardley. The attack used 45 different pieces of custom malware code, including remote access tools that gave Chinese hackers the run of the Times' network. "They could have wreaked havoc on our systems, but that was not what they were after," Chief Information Officer Marc Frons told Times reporter Nicole Perlroth.

Based on forensic evidence, the attackers began their infiltration of the Times' systems on September 13, as the reporting on the Wen story was being completed. The attackers used a botnet of computers compromised at US universities to obscure the source of the attack. They then infected computers at the Times with malware, most likely through e-mail "spear phishing" attacks, and used the malware to install remote access tools on at least three target systems. Those tools allowed them to gather more information from the network—finally finding the Windows network domain controller and grabbing its user directory and password tables. The hackers then used the cracked passwords to access other systems and created a custom program built to infiltrate the Times' mail server and search all the e-mails and documents sent to Barboza's and Yardley's accounts—apparently searching for the names of people who may have spoken to Barboza as he reported on the Wen family.

The backdoors have been shut down, and the command and control servers used for the attack have been blocked. All New York Times employees' passwords have been changed, and the company has installed additional security around its network.