New Zealand stands with the United Kingdom in its condemnation of People’s Republic of China (PRC) state-backed malicious cyber activity impacting its Electoral Commission and targeting Members of the UK Parliament, NZ’s Minister Responsible for the Government Communications Security Bureau (GCSB) said today.
Minister Judith Collins says the use of cyber-enabled espionage operations to interfere with democratic institutions and processes anywhere is unacceptable.
The GCSB established links between a state-sponsored actor linked to PRC and malicious cyber activity targeting New Zealand’s Parliamentary Council Office (PCO) network and the Parliamentary Service.
“The GCSB’s National Cyber Security Centre (NCSC) completed a robust technical assessment following a compromise of the Parliamentary Counsel Office and the Parliamentary Service in 2021, and has attributed this activity to a PRC state-sponsored group known as APT40,” said Ms Collins.
“Fortunately, in this instance, the NCSC worked with the impacted organisations to contain the activity and remove the actor shortly after they were able to access the network.
“We commend the impacted organisations for acting decisively to mitigate the impact, and for the measures they have taken since the incident to harden their cyber defences and strengthen the resilience of their networks.
“These networks contain important information that enables the effective operation of the New Zealand government. It is critical that we protect this information from all malicious cyber threats.”
GCSB Director-General, Andrew Clark says the investigation and response confirmed that parts of the PCO network and the Parliamentary Service network had been compromised by a malicious cyber actor.
“The NCSC provided extensive support to the victim organisations to reduce the impact of the compromise and delivered advice to other organisations potentially at risk by association,” he says.
“Analysis of the tactics and techniques used by the actor enabled us to confidently link the actor to a People’s Republic of China (PRC) state-sponsored group known as APT40.”
“This link has been reinforced by analysis from international partners of similar events in their own jurisdictions.”
Mr Clark says the NCSC worked with both affected organisations to develop a comprehensive remediation plan and understands that further improvements to their networks have since been made.
He says there are a range of measures organisations can take to increase their resilience to cyber incidents. The NCSC has developed a cyber security framework that can help to guide organisations risk assessment and cyber resilience plans.
The framework is built around five key focus areas: Guide and Govern, Identify and Understand, Prevent and Protect, Detect and Contain, and Respond and Recover. It provides questions in each of these areas for organisations to consider when setting their cyber security priorities. Details of the framework are available on the NCSC website(external link).
Many of New Zealand’s international partners today shared their experiences with malicious cyber activity impacting global democratic processes and institutions.
“This collective response from the international community serves as a timely reminder to all organisations and individuals to have strong cyber security measures in place,” Minister Collins says.
On Monday, Britain accused Chinese hackers of trying to break into email accounts of British politicians in 2021 and said a separate Chinese entity was behind a hack of its electoral watchdog.
It also said an unidentified Chinese state-affiliated hacking group was also behind a separate 2021-2022 cyber-attack on Britain’s Electoral Commission. The breach was made public last year, but until now Britain had not named those responsible for it.
Deputy Prime Minister, Oliver Dowden told the UK Parliament the attacks “demonstrate a clear and persistent pattern of behaviour that signals hostile intent from China”.
The Chinese embassy in London, meanwhile, has slammed the claims as ”completely fabricated” and “malicious slanders”.
