New Zealand has put itself in a vulnerable position by joining other Western allies and Japan in accusing China of state-sponsored cyber attacks, an intelligence analyst says.
New Zealand has joined the US, UK, the EU, Britain, Australia, Japan and Canada in publicly calling out Beijing for hacking.
In statements overnight they have accused China of the major cyber attack on Microsoft Exchange servers earlier this year, affecting at least 30,000 organisations globally.
Western security services believe it signalled a shift from a targeted espionage campaign to a smash-and-grab raid, leading to concerns Chinese cyber-behaviour is escalating.
The Chinese Ministry of State Security (MSS) has also been accused of wider espionage activity and a broader pattern of “reckless” behaviour. China has previously denied allegations of hacking and says it opposes all forms of cyber-crime.
The New Zealand government said it had uncovered evidence of links between Chinese state-sponsored actors known as Advanced Persistent Threat 40 (APT40) and malicious cyber activity in New Zealand.
“The GCSB has worked through a robust technical attribution process in relation to this activity,” Minister responsible for the Government Communications Security Bureau Andrew Little said.
“New Zealand is today joining other countries in strongly condemning this malicious activity undertaken by the Chinese Ministry of State Security (MSS) – both in New Zealand, and globally.”
The Chinese Embassy in New Zealand described the government’s claim as “groundless and irresponsible”.
In a statement, an embassy spokesperson said it was is strongly dissatisfied and had lodged “solemn representation” with the New Zealand government.
Intelligence analyst Paul Buchanan said intelligence reports had already accused Chinese hackers of involvement in exploiting the Microsoft vulnerability, but the confrontation had escalated.
“Prior to this, Chinese state sponsored hackers operating under the guise of the Ministry of State Security did targeted espionage, targeted hacking – stealing things but not asking for ransoms.
“They were looking at military targets, diplomatic targets, economic targets.
“Here, this was what has been characterised as a ram raid attack, a smash and grab attack, where state-sponsored hackers shared the vulnerability of Microsoft Exchange with criminal organisations,” Buchanan told RNZ’s Morning Report.
“This has been a trend that the Russians have exploited, where criminals and state agents overlap and one shares information with the other for their mutual benefit.
“That obviously has ratcheted up the confrontation between signals intelligence agencies in the West and the Chinese, and this response overnight is clear proof of that.”