20 Jul 2021

Government points finger at China over cyber attacks

12:48 pm on 20 July 2021

The government says it has uncovered evidence of Chinese state-sponsored cyber attacks in New Zealand.

Andrew Little

China should take appropriate action to stop cyber attack activity originating from its territory, Andrew Little says. Photo: RNZ / Dom Thomas

GCSB Minister Andrew Little said that the foreign intelligence agency has established links between Chinese state-sponsored actors known as Advanced Persistent Threat 40 (APT40) and malicious cyber activity in New Zealand.

The GCSB had "worked through a robust technical attribution process" to establish its conclusions, Little said.

He said the government is joining other countries in strongly condemning what the Chinese Ministry of State Security has been doing both in New Zealand and globally.

"Separately, the GCSB has also confirmed Chinese state-sponsored actors were responsible for the exploitation of Microsoft Exchange vulnerabilities in New Zealand in early 2021.

"We call for an end to this type of malicious activity, which undermines global stability and security, and we urge China to take appropriate action in relation to such activity emanating from its territory," Little said in a statement.

Microsoft email servers have been targeted and Little said the GCSB has helped the affected local organisations.

In March New Zealanders were warned to be concerned and act swiftly after a massive email hack that was blamed on China.

Little will not be naming the victims citing national security and commercial confidentiality.

It reinforced the importance of organisations and individuals having strong cyber security measures in place, the minister said.

The GCSB said about 30 percent of serious malicious cyber activity in this country can be linked to various state-sponsored actors.

Read more:

UK also blames Chinese-backed actors for Microsoft hacking

New Zealand joined the US, UK and the EU, along with Australia and other countries, in condemning malicious cyber activity.

US Secretary of State Antony Blinken said it posed "a major threat to our economic and national security."

Britain said on Monday that it and its partners held Chinese state-backed groups responsible for "a pervasive pattern of hacking" involving attacks on Microsoft Exchange servers.

The attacks took place earlier this year and affected more than a quarter of a million servers worldwide, the British foreign ministry said.

"The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour," British foreign minister Dominic Raab said in a statement.

"The Chinese government must end this systematic cyber sabotage and can expect to be held to account if it does not."

The foreign office said the attack was "highly likely to enable large-scale espionage".

It added Britain and its allies attributed the Chinese Ministry of State Security as being behind the hacking groups known by security experts as "APT40" and "APT31".

- RNZ / Reuters

Get the RNZ app

for ad-free news and current affairs