Russia has been blamed by the head of New Zealand’s signals intelligence and cyber security agency for fabricating conspiracy theories about Western bioweapons laboratories in Ukraine.

Andrew Hampton, the director-general of the Government Communications Security Bureau (GCSB), made the comments in an address last week to the Wairarapa branch of the New Zealand Institute of International Affairs.

His speech, entitled “the cybersecurity implications of the Russian invasion of Ukraine”, also highlighted the surprising lack of Russian cyber attacks on Western countries and the changing nature of cyber warfare.

“While there is a battle on the land, in the air and on the ocean raging in Ukraine, there is also a battle raging in the cyber and information domains,” he said.

“Moscow has attempted to fabricate stories about attacks on ethnic Russians in the Donbas, and more recently – for example – Western bio labs on Ukrainian territory. More generally, it has used disinformation to vigorously promote its rationale for its illegal and unprovoked invasion and its distorted view of how the conflict is progressing.”

The GCSB warned New Zealand’s nationally significant institutions ahead of the Russian invasion of Ukraine to be prepared for an escalation in cyber threats. However, “the Russian cyber offensive’s impact on the global cyber threatscape to date has also been of a lesser scale than some expected. It could be assumed Russia is being mindful not to miscalculate and escalate on the global cyber-front beyond Ukraine, the same as it is on the battlefield. In equal measure the heightened cyber defensive posture of other nations is almost certainly successfully warding off attacks.”

Domestically, Hampton said, there hadn’t been a “significant change” in the cyber landscape.

This isn’t to say that Russia hasn’t been engaged in cyber warfare. The spy boss said Russia has targeted Ukrainian digital infrastructure alongside its physical assaults.

“It may not have been of the scale or had the impact some had anticipated, but it is happening.”

The Russian war in Ukraine has also seen the debut of a new type of intelligence warfare, Hampton said, in which findings are declassified in an effort to fight Russian disinformation.

“In the lead-up to, and the early stages of, the Russian invasion I would frequently walk across to the Beehive to brief Ministers and officials on the latest insights from intelligence. Within hours this intelligence would be declassified by partners and made public – something I have not seen before,” he said.

“As we all know the intelligence community is traditionally secretive. But these are extraordinary times. I have no doubt the unprecedented public release of intelligence in this conflict, including its use as a diplomatic tool, will have significant and ongoing implications for the sharing and declassification of intelligence in other contexts.”

In April 2021, the GCSB formally accused Russia of sponsoring the hackers behind the SolarWinds attack – a year-long data breach that saw thousands of organisations globally download malware. While fewer than 100 organisations were estimated to have actually been hacked as a result of the breach, many times more had to apply security patches and check their systems, according to GCSB Minister Andrew Little.

Alongside Russia, China and North Korea have also been identified by the GCSB as sponsoring a total of seven other cyber attacks in recent years.

“We are aware of other countries involved in state-sponsored cyber activity both internationally and on New Zealand networks,” Hampton said in his speech on Thursday.

“Recently the Bureau has also provided classified briefings to the Government about state actors targeting several key governmental organisations and the role of the NCSC in identifying and evicting the attackers, and helping the victim agencies restore their systems.”

While state-sponsored attackers often seek not to disrupt services because they’re searching for intelligence, criminal groups who aim to disrupt are on the rise, Hampton said.

Ransomware is increasingly being targeted at high-profile organisations after criminals have taken time and resources to study the best approaches. That’s a sea change from the automated scattergun approach that has been the norm until now.

“Malicious actors are putting considerable effort into researching the sensitivity of the data, operating environments, and financial information of their victims. This strategy is sometimes called ‘big game hunting,’” Hampton said.

The GCSB received $46 million in new funding over the next four years in Budget 2022, including an extra $19 million for its National Cyber Security Centre.

Marc Daalder is a senior political reporter based in Wellington who covers climate change, health, energy and violent extremism. Twitter/Bluesky: @marcdaalder

Leave a comment