The hackers were also able to access the email accounts of David Barboza, the Times' Shanghai bureau chief who wrote the story about Wen Jiabao's relatives, and Jim Yardley, the Times' South Asia bureau chief in India.
The main target of the attackers appears to have been Barboza's email correspondence and documents related to the investigation he performed for that story, the Times report said. Marc Frons, the Times' chief information officer, said that the hackers could have wreaked havoc on the organization's systems, but they were not interested in doing that.
Mandiant's investigators believe the attackers are part of a known Chinese hacker group that specializes in APT (advanced persistent threat) attacks and has previously targeted other Western organizations and American military contractors. The group routed its attacks through compromised computers owned by universities in North Carolina, Arizona, Wisconsin and New Mexico, as well as computers owned by small U.S. companies and Internet service providers.
The attacks might be part of a larger campaign targeting journalists, the Times said, citing a December intelligence report from Mandiant that mentioned APT-style attacks against 30 journalists and executives at Western news outlets.
Mandiant did not immediately respond to a request for more information about the attacks.
According to the Times report, Mandiant investigators determined that hackers used 45 pieces of custom malware in the attacks against the New York Times over three months, but only one of them was detected by the antivirus products from Symantec used by the newspaper on its systems.
Advanced attacks like the one described in the New York Times article "underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions," Symantec said Thursday in a statement sent via email.
"The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behavior-based blocking, specifically target sophisticated attacks," the company said. "Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough."