Cyber-attacks: Govt courageous to call out China's 'ram-raid' operation – experts

Credit: Original article can be found here

GCSB Minister Andrew Little says China is responsible for ‘malicious’ cyber-attacks. Photo / Mark Mitchell

Experts say it’s a big deal for New Zealand to call out China, our biggest trading partner, for “smash-and-grab” cyber-attacks after quiet diplomacy failed to deter the Chinese Ministry of State Security.

Late last night, Minister for the Government Communications Security Bureau Andrew Little said the Government had uncovered evidence of Chinese state-sponsored cyber attacks in New Zealand.

The timing of his statement aligned with similar statements from the US, UK, Australia, Canada, the EU and Japan.

Little said that the GCSB had established links between Chinese state-sponsored actors known as Advanced Persistent Threat 40 (APT40) and malicious cyber activity in New Zealand.

China has hit back, with the Chinese embassy in Wellington saying the accusation from New Zealand is “totally groundless and irresponsible”.

“China expresses strong dissatisfaction and firm opposition and has already lodged solemn representation with the New Zealand government,” the statement said.

“Given the virtual nature of cyberspace, one must have clear evidence when investigating and identifying cyber-related incidents. Making accusations without prove is malicious smear.”

“We urge the New Zealand side to abandon the Cold War mentality, adopt a professional and responsible attitude when dealing with cyber incidents, and work with others to jointly tackle the challenge through dialogue and cooperation rather than manipulating political issues under the pretext of cyber security and mudslinging at others.”

Waikato Professor of Law Alexander Gillespie said it was “special” for Andrew Little to name China, even though the GCSB estimates that about 30 per cent of cyber attacks are state-based.

“It’s also special because calling out China, especially at this delicate time in our relationship with them, takes a lot of courage.”

Strategic analyst Paul Buchanan said the attacks were to do with Microsoft Exchange, and China’s behaviour had changed.

“That’s what’s prompted developments overnight. In the past, Chinese hackers targeted specific entities – military, political, diplomatic, economic. This was mass scale,” he told Newstalk ZB.

“It’s been likened to a ram-raid or smash-and-grab operation where Chinese state hackers shared the vulnerability with criminal entities – much like the Russians do.

“This basically breached the limits of toleration of Western intelligence community.”

He said New Zealand and the Five Eyes partners had tried to get China to back off behind the scenes.

“They were ignored. That’s why now we have this very public response with much larger partners.”

Buchanan said China should be wary that there might be retribution.

“If the Chinese can play this game, the Five Eyes can play the game. The Chinese need to understand that if they’re not going to heed the private entreaties or their target countries, they may receive a like-minded response.

“And that would not be good for them.”

Gillespie said it remained to be seen whether there would be any counter-measures, and if so, how New Zealand would fit into those.

Also relevant was whether any of the cyberattacks were on “critical infrastructure”.

“[US President Joe] Biden, in his meeting with [Russian counterpart Vladimir] Putin in Geneva a few weeks ago, put down a ‘red line’ around 16 ‘critical areas’ that could not be cyber-attacked,” Gillespie said.

“Biden warned if they were, ‘counter-measures’ would be the reply. New Zealand agrees with this approach.”

International cyber-security laws were a mess, he said, with no treaty that’s state-based as opposed to criminal-based.

He said there was a treaty on cyber-crime, which New Zealand has just announced it will sign up to, but it was of limited value as Russia, North Korea, and China haven’t signed up.

Little said the GCSB had “worked through a robust technical attribution process” to establish its conclusions.

“We call for an end to this type of malicious activity, which undermines global stability and security, and we urge China to take appropriate action in relation to such activity emanating from its territory,” Little said in a statement.

“The GCSB has also confirmed Chinese state-sponsored actors were responsible for the exploitation of Microsoft Exchange vulnerabilities in New Zealand in early 2021.”

Microsoft email servers have been targeted and Little said the GCSB has helped the affected local organisations.

He would not name any victims citing national security and commercial confidentiality.

The British Foreign Ministry said the attacks took place earlier this year and affected more than a quarter of a million servers worldwide.