Andrew Little, the Minister in charge of the Government Communications Security Bureau in New Zealand, has publicly accused China of sponsoring malicious cyber activity carried out by a nation-state actor known as APT40.
In a statement published on the New Zealand government’s official website, Little said the government had established clear links between the Chinese Ministry of State Security (MSS) and a hacker group known as APT40 or Hafnium. The group is known to be behind the recent exploitation of vulnerabilities in the Microsoft Exchange system that affected organisations worldwide.
Little said the links between MSS and APT40 were established through a robust technical attribution process that left little doubt about who sponsored the malicious activity. “New Zealand is today joining other countries in strongly condemning this malicious activity undertaken by the Chinese Ministry of State Security (MSS) – both in New Zealand and globally,” he said.
“New Zealand joins international condemnation of the exploitation of the Microsoft Exchange platform by Chinese state-sponsored actors, and the widespread and reckless sharing of the vulnerability, which led to other cyber actors’ exploitation of it.
“We call for an end to this type of malicious activity, which undermines global stability and security, and we urge China to take appropriate action in relation to such activity emanating from its territory,” he added.
In his statement, Little said that around 30% of serious malicious cyber activity against New Zealand organisations contains indicators that can be linked to various state-sponsored actors. “This reinforces the importance of organisations and individuals having strong cyber security measures in place.
“The GCSB’s National Cyber Security Centre (NCSC) has provided direct support to New Zealand organisations that have been affected by this malicious cyber activity. For both national security and commercial in confidence reasons, these organisations are not identified publicly,” he added.
The Chinese Embassy in New Zealand reacted quickly and angrily to Little’s accusation, terming it “totally groundless and irresponsible.” It also advised the New Zealand government to “adopt a professional and responsible attitude when dealing with cyber incidents… rather than manipulating political issues under the pretext of cyber security and mudslinging at others.”
“The Chinese government is a staunch defender of cyber security and firmly opposes and fights all forms of cyber attacks and crimes in accordance with law. Given the virtual nature of cyberspace, one must have clear evidence when investigating and identifying cyber-related incidents. Making accusations without prove is malicious smear.
“China always advocate countries to strengthen dialogue and cooperation on the basis of mutual respect, equality and mutual benefit，and address this challenge together. We urge the New Zealand side to abandon the Cold War mentality, adopt a professional and responsible attitude when dealing with cyber incidents, and work with others to jointly tackle the challenge through dialogue and cooperation，rather than manipulating political issues under the pretext of cyber security and mudslinging at others,” it said.
New Zealand is a member of the Five Eyes Alliance but has seldom accused China directly unlike partners like the United States, the UK, Australia, or Canada. However, the recent spate of supply chain attacks and the rise of state-sponsored cyber activity worldwide possibly called for a stronger response.
On 19th July, the United States, the European Union, and the UK publicly revealed that Hafnium, a hacker group backed by the People’s Republic of China, exploited vulnerabilities in Microsoft Exchange servers to target tens of thousands of organisations worldwide.
The UK’s National Cyber Security Centre termed the attack on Microsoft Exchange software as “the most significant and widespread cyber intrusion against the UK and allies uncovered to date” and that the attack was carried out earlier this year to enable “large-scale espionage, including acquiring personally identifiable information and intellectual property.”
“The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour. The Chinese Government must end this systematic cyber sabotage and can expect to be held account if it does not,” said Dominic Raab, the Foreign Secretary.
In the U.S., China’s role in the hacking of Microsoft Exchange software was touched upon by the White House, the Justice Department, as well as prominent federal agencies such as the CISA, the NSA, and the FBI. The White House highlighted China’s “irresponsible and destabilizing behavior in cyberspace,” stating that it poses “a major threat to U.S. and allies’ economic and national security.”