New Zealand has joined an “unprecedented” group of United States allies across the globe blaming China for cyberattacks and exposing government connections to criminal contract hackers.
On Monday night New Zealand’s spy agency minister confirmed Chinese state-sponsored actors were responsible for “malicious cyber activity” in the country – including a massive Microsoft Exchange hack earlier this year.
GCSB Minister Andrew Little said New Zealand joined the international condemnation of the global cyberattacks and urged China to take action.
A White House press release said an unprecedented group of allies and partners – including the European Union, the United Kingdom, and NATO – were joining the United States in exposing and criticising the People’s Republic of China’s (PRC) malicious cyber activities.
* Waikato DHB scrambles to contain cyber attack, safety of patient data unclear
* Georgia blames Russia for cyberattack – NZ US, UK agree
* State-sponsored cyber attacks on rise; NZ orgs partially ready to deal with it – survey
* Chinese Government responsible for global cyber campaign – GCSB
Little said the GCSB had established links between Chinese state-sponsored actors known as Advanced Persistent Threat 40 (APT40) and malicious cyber activity in New Zealand.
“The GCSB has worked through a robust technical attribution process in relation to this activity. New Zealand is today joining other countries in strongly condemning this malicious activity undertaken by the Chinese Ministry of State Security (MSS) – both in New Zealand, and globally,” Little said in a statement.
Separately, the GCSB also confirmed Chinese state-sponsored actors were responsible for the exploitation of Microsoft Exchange vulnerabilities in New Zealand in early 2021.
The widespread and reckless sharing of the vulnerability led to other cyber actors’ exploitation of it, Little said.
“We call for an end to this type of malicious activity, which undermines global stability and security, and we urge China to take appropriate action in relation to such activity emanating from its territory.”
The Biden administration outlined concerns about the PRC’s “unwillingness” to address the activity.
The allies were holding China to account for its use of criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit, the statement said.
“The PRC’s pattern of irresponsible behaviour in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world. Today, countries around the world are making it clear that concerns regarding the PRC’s malicious cyber activities are bringing them together to call out those activities, promote network defence and cybersecurity, and act to disrupt threats to our economies and national security,” the statement said.
UK Foreign Secretary Dominic Raab said the Microsoft Exchange cyberattack “by Chinese state-backed groups” was “a reckless but familiar pattern of behaviour”.
A declaration by the High Representative on behalf of the European Union also urged Chinese authorities to take action against malicious cyber activities undertaken from its territory.
“The EU and its member states strongly denounce these malicious cyber activities, which are undertaken in contradiction with the norms of responsible state behaviour as endorsed by all UN member states. We continue to urge the Chinese authorities to adhere to these norms and not allow its territory to be used for malicious cyber activities, and take all appropriate measures and reasonably available and feasible steps to detect, investigate and address the situation,” a statement said.
The GCSB’s National Cyber Security Centre (NCSC) had provided direct support to New Zealand organisations that had been affected by the malicious cyber activity, Little said.
For both national security and commercial in confidence reasons, those organisations would not be identified publicly, Little added.
According to the GCSB, about 30 per cent of serious malicious cyber activity against New Zealand organisations recorded by the NCSC contained indicators that can be linked to various state-sponsored actors.
On Monday the US Department of Justice announced criminal charges against four MSS hackers addressing activities concerning a multiyear campaign targeting foreign governments and entities in key sectors, including maritime, aviation, defence, education, and healthcare in a least a dozen countries.