Andrew Hampton, director general of the New Zealand Government Communications Security Bureau (GCSB),

Security Services Minister Andrew Little last night accused Chinese “state-sponsored actors” of malicious cyber activity in New Zealand.

“New Zealand has established links between Chinese state-sponsored actors known as Advanced Persistent Threat 40 (APT40) and malicious cyber activity in New Zealand,” he said.

“The GCSB has worked through a robust technical attribution process in relation to this activity.

“New Zealand is today joining other countries in strongly condemning this malicious activity undertaken by the Chinese Ministry of State Security (MSS) – both in New Zealand and globally.”

This is not the first time that  New Zealand has named China as being responsible for a specific cyber attack.

Cyber experts writing on blogs have last night named Hainan University as a possible source of the attacks.

That University has close links with Massey University, which has established an “offshore learning centre” there.

Little’s statement has obviously been coordinated with a forceful statement from US President Biden.

Other statements have come from Australia, the European Union, NATO, Japan, the United Kingdom and Canada.

In a statement early this morning, Biden said The United States has long been concerned about China’s “irresponsible and destabilising behaviour in cyberspace.”

Advertisment

“Today, the United States and our allies and partners are exposing further details of China’s pattern of malicious cyber activity and taking further action to counter it, as it poses a major threat to US and allies’ economic and national security.”

On Friday, Australian Prime Minister Scott Morrison said a “sophisticated state-based actor” had spent months trying to hack all levels of the government, political bodies, essential service providers and operators of critical infrastructure.

“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting,” Morrison told reporters but declined to say who Australia believed was responsible.

Little said that the GCSB had also confirmed Chinese state-sponsored actors were responsible for the exploitation of Microsoft Exchange vulnerabilities in New Zealand in early 2021.

“New Zealand joins international condemnation of the exploitation of the Microsoft Exchange platform by Chinese state-sponsored actors, and the widespread and reckless sharing of the vulnerability, which led to other cyber actors’ exploitation of it,” he said.

According to the GCSB, around 30 per cent of serious malicious cyber activity against New Zealand organisations recorded by the National Cyber Security Centre contains indicators that can be linked to various state-sponsored actors, he said.

The White House statement said The United States was deeply concerned that China had  fostered an intelligence enterprise that included contract hackers who also conduct unsanctioned cyber operations worldwide, including for their own personal profit.

The US Justice Department has also announced criminal charges against four Chinese Ministry of State Security hackers addressing activities concerning a multiyear campaign targeting foreign governments and entities in critical sectors, including maritime, aviation, defence, education, and healthcare in at least a dozen countries.

“DOJ documents outline how MSS hackers pursued the theft of Ebola virus vaccine research and demonstrate that the PRC’s theft of intellectual property, trade secrets, and confidential business information extends to critical public health information,” the White House statement said.

“Much of the MSS activity alleged in the Department of Justice’s charges stands in stark contrast to China’s bilateral and multilateral commitments to refrain from engaging in cyber-enabled theft of intellectual property for commercial advantage.“

A mysterious group called “Intrusion Truth” has been exposing Chinese state-sponsored cybercrime since 2017. Since January this year, it has been posting articles on its blog linking the threat identified by the GCSB, APT40, to the University of Hainan, located south of Hong Kong on an island in the South China Sea.

The United States Georgetown University’s Center for Security and Emerging Technology has also identified the University of Hainan as a University with connections to APT cyber-threat actors.

Hainan University has close connections with Massey University.

In March, Massey and Hainan launched a dedicated learning centre for Massey students who had to remain in China because of Covid.

Massey’s Deputy Vice-Chancellor Students and Global Engagement Tere McGonagle-Daly said: “The Massey Learning Centre at Hainan University will give Massey students the option of joining fellow classmates at a campus in one of China’s leading universities.”

 Massey may now find itself the subject of the same sort of review of its China connections that Australian Universities are currently experiencing and which are leading to the close-down of some Chinese facilities within Universities.

The diplomatic fallout from last night’s statements could well also be severe. The knowledge that something like this was in the wings may well explain why the Prime Minister recently warned the major agricultural exporter that it could eventually experience the same kind of trade disruption in China that Australian exporters have experienced.

However, New Zealand has called China out before. In 2018 the GCSB issued a statement saying it had established links between the Chinese Ministry of State Security and a global campaign of cyber-enabled commercial, intellectual property theft.

“This long-running campaign targeted the intellectual property and commercial data of a number of global managed service providers, some operating in New Zealand,” Director-General of the GCSB Andrew Hampton said.

China did not respond to that statement, but the question today will be how it decides to respond to last night’s statement.