New Zealand finally takes sides, lining up with its traditional allies against Chinese cyber sabotage – and upping the ante with specific allegations of attacks on NZ organisations.
ANALYSIS: “State sponsored act”. It’s not a phrase that small governments like New Zealand use lightly.
China has reacted furiously after the NZ Government lined up overnight, alongside the US, the other Five Eyes nations, NATO, Japan, and the European Union, in formally attributing damaging cyber-attacks to China's Ministry of State Security.
New Zealand strongly condemned malicious activity undertaken here and overseas by the Chinese Ministry of State Security, said Andrew Little, the Minister Responsible for the Government Communications Security. And he said the GCSB had confirmed Chinese state-sponsored actors known as Advanced Persistent Threat 40 were responsible for the exploitation of Microsoft Exchange vulnerabilities in NZ earlier this year.
CERT NZ, the Government’s Computer Emergency Response Team, said then that “threat actors” were using the vulnerabilities identified in Exchange to deploy ransomware on vulnerable networks. It identified 500 vulnerable Microsoft Exchange email servers and more than 100 compromised email servers in the first quarter of 2021. The most damaging attack accessed patient records and took down systems at Waikato DHB, a Microsoft Exchange user.
This is not the first time New Zealand has pointed the finger at China. In 2018 the GCSB joined its American and British counterparts in announcing established links between the Chinese Ministry of State Security and a global campaign of cyber-enabled commercial intellectual property theft.
But it’s thought to be the first time a senior minister has spoken publicly, and specifically, with the risk of trade retaliation that entails. After all, Australia is still being made to pay the economic price for publicly seeking an inquiry into the source of the Covid-19 virus – and major New Zealand exporters like Fonterra and Zespri will be watching today’s rapid developments with trepidation.
Two hours ago, China expressed outrage at the accusations it paid criminal groups to carry out cyber hacks, including the Microsoft breach and ransomware attacks. Beijing called the claims "a huge lie," "slander" and "ridiculous," and threatened devastating consequences, according to a post in China's English-language Global Times.
It is only New Zealand's alignment with other traditional friends and allies that will make the public rebuke tenable. European Union policy chief Josep Borrell said the hacking was "conducted from the territory of China for the purpose of intellectual property theft and espionage", and UK Foreign Secretary Dominic Raab said China's actions represented "a reckless but familiar pattern" of systematic cyber sabotage.
Advanced Persistent Threat 40 (APT-40) has also been named by the US and UK. And the US Department of Justice announced yesterday that a federal grand jury had indicted Chinese nationals accused of working with official sanction from Beijing to break into computer systems belonging to American companies, universities and governments.
But Little emphasised New Zealand had confirmed the attribution independently. “The GCSB has worked through a robust technical attribution process in relation to this activity,” he said.
CERT NZ has previously reported the rising scale and sophistication of the cyber security threat. Incident numbers have tripled annually, with most reported incidents affecting organisations of national significance, and 30% of attacks linked to unspecified state sponsored actors. “NZ joins international condemnation of the exploitation of the Microsoft Exchange platform by Chinese state-sponsored actors,” Little said. “We call for an end to this type of malicious activity, which undermines global stability and security, and we urge China to take appropriate action in relation to such activity emanating from its territory.”
