The following press release was issued by the Government Communications Security Bureau, or GCSB, on Friday morning.
Cyber campaign attributed to China
The Government Communications Security Bureau (GCSB) has established links between the Chinese Ministry of State Security (MSS) and a global campaign of cyber-enabled commercial intellectual property theft.
“This long-running campaign targeted the intellectual property and commercial data of a number of global managed service providers, some operating in New Zealand,” Director-General of the GCSB Andrew Hampton said.
“This activity is counter to the commitment all APEC economies, including China, made in November 2016. APEC economies agreed they should not conduct or support ICT-enabled theft of intellectual property or other confidential business information, for commercial advantage.
“New Zealand is committed to upholding the rules-based international order, and today joins likeminded partners in expressing that such cyber campaigns are unacceptable.
“We became aware of this campaign in early 2017. Our National Cyber Security Centre (NCSC) issued advice on its website, enabling New Zealand organisations to take steps to protect their networks. We also engaged with New Zealand subsidiaries of the targeted managed service providers to assist in their response.
“The GCSB has worked through a robust attribution process in relation to this campaign. New Zealand attributes cyber incidents where it is in the national interest to do so. Our approach today is consistent with GCSB’s previous attributions of cyber activity.
“Around a third of the serious incidents recorded by the NCSC can be linked to state-sponsored actors. This ongoing activity reinforces the importance of organisations having strong cyber security measures across their supply chain.
“Cyber-security is a team effort and the NCSC encourages organisations to take the time to ensure they have their security settings right,” Mr Hampton said.
The advice issued to MSPs in 2017 is available here
Further information about New Zealand’s cyber resilience and tips on how it can be improved can be found in this report published by the NCSC in October 2018 here