NYT had asked AT&T last October to monitor its network for unusual activity after receiving a threat from Chinese officials that its actions would "have consequences." The Times' site was blocked by the country's Internet filter after the report.
AT&T informed NYT it detected an attack that shared the same pattern as previous hacks believed to have come from the Chinese military. Further monitoring revealed the attackers would begin their intrusion at 8 a.m. China time and continue for a standard work day.
By November 7, 2012, when it was clear attackers were still inside the system, NYT hired Mandiant, a security vendor specializing in responding to security breaches. The publication allowed hackers to stay in the network for four months to identify every digital backdoor used by them. It then replaced every compromised computer and set up new defenses to keep the hackers out.
The publication is not sure how the hackers made their initial intrusion, but believes employees had been sent e-mails with malicious links to "Remote Access Tools" that would give the attackers control.
The paper also claimed it found evidence the first attack began as early as September 2012. The hackers had broken into the e-mail accounts of Shanghai's bureau chief, David Barboza, who wrote the piece on Wen's family, and Jim Yardley, the paper's South Asia bureau chief in India, who was previously the Beijing bureau chief.
Upon gaining access, the hackers installed software meant to capture Barboza's e-mail documents as he wrapped up his report. It is believed the hackers had been looking for the names of his sources, Marc Frons, NYT's CIO, said in the report.
Mandiant also found that the hackers stole the corporate passwords of every NYT employee and used them to gain access to the PCs of 53 employees, most of them outside the NYT newsroom.
The attackers also tried to mask the source of their attacks by penetrating the computers at US universities first and routing the attacks through them, Mandiant added.
China is frequently the target of blame for attacks on other countries.