21 Dec 2018

GCSB says global campaign of cyber theft linked to China's main intelligence service MSS

8:31 am on 21 December 2018

The Government Communications Security Bureau (GCSB) says it has established links between the Chinese Ministry of State Security (MSS) and a "global campaign" of cyber theft.

Hacker, cyber attack, (File photo)

Hacking targets included the U.S. Navy, NASA and companies involved aviation, space and satellite technology. Photo: 123RF

Earlier this morning the US justice department announced criminal charges against two computer hackers said to be connected to the MSS.

The two, identified as Zhu Hua and Zhang Jianguo, worked in China to hack into computers to steal intellectual property and confidential business and technological data, according to the indictment. US authorities said the two worked in association with China's Ministry of State Security.

"This long-running campaign targeted the intellectual property and commercial data of a number of global managed service providers, some operating in New Zealand," Director-General of the GCSB Andrew Hampton said in a statement.

The GCSB found out about the campaign in early 2017 and its National Cyber Security Centre (NCSC) recorded incidents related to the campaign.

"Around a third of the serious incidents recorded by the NCSC can be linked to state-sponsored actors," Mr Hampton said.

"This activity is counter to the commitment all APEC economies, including China, made in November 2016. APEC economies agreed they should not conduct or support ICT-enabled theft of intellectual property or other confidential business information, for commercial advantage.

"New Zealand is committed to upholding the rules-based international order, and today joins likeminded partners in expressing that such cyber campaigns are unacceptable."

The United States also condemned China for efforts to steal other countries' trade secrets and technologies and to compromise government computers, according to a person familiar with the matter.

Australia, Britain, Canada, Japan, the Netherlands, and Sweden were also reportedly targeted and are expected to be involved in the effort.

The US indictment said hacking targets included the U.S. Navy, the National Aeronautics and Space Administration and companies involved aviation, space and satellite technology.

"China's goal, simply put, is to replace the U.S. as the world's leading superpower and they're using illegal methods to get there," FBI Director Chris Wray said at a news conference.

The companies targeted by China were a "who's who" of American businesses, Wray said.

The Justice Department accused China of breaking a 2015 pact to curb cyber espionage for corporate purposes. Britain also said it would hold the Chinese government responsible for the global hacking campaign targeting commercial secrets in Europe, Asia and the United States.

The hacking effort is considered a major cyber threat by private-sector cyber security researchers and government investigators because of the scale of the intrusions.

The hackers were charged with spying on some of the world's largest companies by hacking into technology firms to which they outsource email, storage and other computing tasks.

Over the past several years, as companies around the globe have sought to cut down information technology spending, they have increasingly relied on outside contractors to store and transfer their data.

When a managed service provider is hacked, it can unintentionally provide attackers access to secondary victims who are customers of that company and have their computer systems connected to them, according to experts.

The timing of the action may further escalate tensions between Washington and Beijing after the arrest of Meng Wanzhou, the chief financial officer of Chinese telecommunications giant Huawei Technologies, in Canada at the request of the United States.

The action also comes just weeks after the United States and China agreed to talks aimed at resolving an ongoing trade dispute that threatens global economic growth.

The British government said in a statement the hacking was conducted by a group known as APT 10, which was acting on behalf of China's Ministry of State Security.

"This campaign shows that elements of the Chinese government are not upholding the commitments China made directly to the UK in a 2015 bilateral agreement," the British statement said.

- Reuters/BBC/RNZ

Get the RNZ app

for ad-free news and current affairs