GCSB Minister Andrew Little says security officials worked through a robust technical attribution process to identify where the attacks originated. Photo / George Heard, File
The Government says it has uncovered evidence of Chinese state-sponsored cyber attacks in New Zealand.
GCSB Minister Andrew Little said that the foreign intelligence agency has established links between Chinese state-sponsored actors known as Advanced Persistent Threat 40 (APT40) and malicious cyber activity in New Zealand.
The GCSB had “worked through a robust technical attribution process” to establish its conclusions, Little said.
He said the Government is joining other countries in strongly condemning what the Chinese Ministry of State Security has been doing both in New Zealand and globally.
“Separately, the GCSB has also confirmed Chinese state-sponsored actors were responsible for the exploitation of Microsoft Exchange vulnerabilities in New Zealand in early 2021.
“We call for an end to this type of malicious activity, which undermines global stability and security, and we urge China to take appropriate action in relation to such activity emanating from its territory,” Little said in a statement.
Microsoft email servers have been targeted and Little said the GCSB has helped the affected local organisations.
In March, New Zealanders were warned to be concerned and act swiftly after a massive email hack that was blamed on China.
Little will not be naming the victims citing national security and commercial confidentiality.
It reinforced the importance of organisations and individuals having strong cyber security measures in place, the minister said.
The GCSB said about 30 per cent of serious malicious cyber activity in this country can be linked to various state-sponsored actors.
UK blames Chinese-backed actors for Microsoft hacking
Britain said on Monday that it and its partners held Chinese state-backed groups responsible for “a pervasive pattern of hacking” involving attacks on Microsoft Exchange servers.
The attacks took place earlier this year and affected more than a quarter of a million servers worldwide, the British Foreign Ministry said.
“The cyberattack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour,” British Foreign Minister Dominic Raab said in a statement.
“The Chinese government must end this systematic cyber sabotage and can expect to be held to account if it does not.”
The foreign office said the attack was “highly likely to enable large-scale espionage”.
It added Britain and its allies attributed the Chinese Ministry of State Security as being behind the hacking groups known by security experts as “APT40” and “APT31”.