New Zealand’s cyber spy agency has linked a global cyberattack, which targeted some global service providers operating locally, to the Chinese state.
Allies, including the US, the UK and Australia have also been targeted by Beijing’s worldwide campaign, in what’s being described as one of the most wide-ranging cases of corporate espionage on record.
Government Communications Security Bureau (GCSB) director-general Andrew Hampton said the organisation had established links between the Chinese Ministry of State Security (MSS) and a global campaign of cyber-enabled commercial intellectual property theft.
The long-running campaign targeted the intellectual property and commercial data of a number of global managed service providers, some operating in New Zealand, Hampton said.
A group called APT10 carried out the campaign on behalf of the Chinese state, targeting 45 large-scale managed service providers – specialist companies that manage IT services and infrastructure for many medium to large businesses and organisations – in 12 countries.
This type intellectual property-focussed attack cuts to the heart of the issues behind rising tensions, and tit-for-tat actions, between the United States and China.
The trade war and the Huawei saga – which recently saw Huawei’s chief financial officer arrested in Canada, and retaliatory measures in China – has its roots in a race over digital intellectual property.
This wide-spread attack on multi-national service providers, which was flagged in April 2017, was allegedly aimed at stealing trade secrets from governments and high-tech companies.
But the National Cyber Security Centre (NCSC) said there was no suggestion the campaign was targeting New Zealand’s general public or small to medium enterprises.
Prime Minister Jacinda Ardern was not commenting on the attack, which likely illustrated the sensitivity of the matter. Her office deferred to Minister Responsible for the GCSB Andrew Little and Foreign Minister Winston Peters. Neither proactively released a statement on the state-sponsored attack.
Across the ditch, Foreign Affairs Minister Marise Payne and Home Affairs Minister Peter Dutton released a statement expressing concern about the attack.
Using similar language to their US counterparts, Payne and Dutton said: “Australia calls on all countries – including China – to uphold commitments to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining a competitive advantage.”
The GCSB’s Hampton said China’s actions broke the commitment of all APEC countries, including China, to not conduct or support ICT-enabled theft of intellectual property or other confidential business information, for commercial advantage.
“New Zealand is committed to upholding the rules-based international order, and today joins likeminded partners in expressing that such cyber campaigns are unacceptable,” he said.
Since 2017 the NCSC and GCSB have worked with New Zealand organisations to take steps to protect their networks, and engaged with New Zealand subsidiaries of the targeted managed service providers to assist in their response.
“The GCSB has worked through a robust attribution process in relation to this campaign. New Zealand attributes cyber incidents where it is in the national interest to do so.”
About a third of the serious incidents recorded by the NCSC can be linked to state-sponsored actors.