New Zealand in “Vulnerable Position” Amid China’s Hacking Charges
New Zealand has put itself in a vulnerable position by joining with other Western allies and Japan in accusing China of state-sponsored cyber attacks, according to an intelligence analyst.
New Zealand has joined with the US, UK, EU, Britain, Australia, Japan and Canada in publicly denouncing Beijing for hacking.
In overnight statements, they blamed China for the major cyberattack on Microsoft Exchange servers earlier this year, affecting at least 30,000 organizations around the world.
Western security services believe this marked the shift from a targeted espionage campaign to a smash-and-grab raid, raising concerns that Chinese cyber behavior is escalating.
China’s State Security Ministry (MSS) has also been accused of broader espionage activity and a broader pattern of “reckless” behavior. China has previously denied the hacking allegations and says it opposes all forms of cybercrime.
The New Zealand government said it discovered evidence of links between Chinese state-sponsored actors known as Advanced Persistent Threat 40 (APT40) and malicious cyber activity in New Zealand.
“The GCSB has gone through a strong technical award process in relation to this activity,” said Minister responsible for the Government’s Communications Security Office Andrew Little.
“New Zealand today joins other countries in strongly condemning this malicious activity undertaken by the Chinese Ministry of State Security (MSS) – both in New Zealand and around the world.”
Intelligence analyst Paul Buchanan said intelligence reports had previously accused Chinese hackers of being involved in exploiting Microsoft’s vulnerability, but the confrontation escalated.
“Before that, Chinese state-sponsored hackers operating under the guise of the State Security Ministry were doing targeted espionage, targeted hacking – stealing things but not asking for ransom.
“They were looking for military targets, diplomatic targets, economic targets.
“Here it is what has been characterized as a ram raid attack, a crush and seize attack, where state-sponsored hackers shared the vulnerability of Microsoft Exchange with criminal organizations,” Buchanan said on RNZ's Morning Report.
“It’s a trend the Russians have exploited, where criminals and state agents overlap and one shares information with the other for their mutual benefit.
“This obviously escalated the confrontation between Western and Chinese signal intelligence agencies, and this overnight response is clear proof of that.”
“The targeted attack has become a mass pile-in”
Western intelligence officials say aspects of the attack on Microsoft Exchange services are significantly more serious than anything they have seen before, BBC security correspondent Gordon Corera reports.
It started in January when hackers from a China-related group known as Hafnium began exploiting a vulnerability in Microsoft Exchange. They used the vulnerability to insert backdoors into systems they might return to later.
The UK said the attack was likely to allow large-scale espionage, including the acquisition of personal information and intellectual property.
It was mainly carried out against specific systems aligned with previous Hafnium goals, such as defense contractors, think tanks and universities.
“We believe cyber operators working under Chinese intelligence control discovered Microsoft’s vulnerability in early January and rushed to exploit the vulnerability before [it] has been widely identified in the public domain,” a security source told the BBC.
If that had been all, it would have been just another spy operation. But at the end of February, something important changed. The targeted attack became a mass pile-in when other China-based groups began to exploit the vulnerability. The targets were broadened to encompass key industries and governments around the world.
It had gone from targeted espionage to a massive smash-and-grab raid.
Western security sources believe Hafnium gained prior knowledge that Microsoft intended to fix or close the vulnerability, and therefore shared it with other China-based groups to maximize benefits before it became obsolete.
It was the recklessness of the decision to spread the vulnerability that contributed to the decision to call out the Chinese publicly, officials said.
Microsoft made the vulnerability public on March 2 and offered a patch to close it. By this point, more and more hackers around the world had realized its value and piled in.
About a quarter of a million systems around the world remained exposed – often small to medium-sized businesses and organizations – and at least 30,000 were compromised.
New Zealand in a “vulnerable position”
Buchanan said New Zealand has put itself in a vulnerable position by joining the international condemnation.
“Apparently New Zealand and its partners quietly approached the Chinese and asked them to step back and change their behavior. They did the quiet diplomacy New Zealand is so famous for, and it didn’t work. Apparently the attacks persist.
“All the partners involved in this public announcement, NATO, the EU, Japan, the other partners of Five Eyes, are less vulnerable than New Zealand to particularly Chinese economic reprisals.
“New Zealand has craned its neck here, but I think at some point state actions in this area become intolerable. Obviously, the limits of tolerance have been reached, even for a small, vulnerable state like New Zealand.”
US blames Chinese nationals
The United States has officially attributed intrusions such as the one that affected servers running Microsoft Exchange earlier this year to hackers affiliated with China’s State Security Ministry. Microsoft had already blamed China.
US officials said they were surprised at the extent and scale of the hacking attributed to China, as well as China’s use of “criminal hackers.”
The US Department of Justice has charged four Chinese nationals – three security officials and a hacker – with targeting dozens of businesses, universities and government agencies in the United States and abroad.
While a wave of statements from Western powers represents a broad alliance, cyber experts have said the lack of consequences for China beyond the US indictment is glaring. Just a month ago, statements at the G7 and NATO summits warned China and declared it a threat to international order.
Adam Segal, cybersecurity expert at the Council on Foreign Relations in New York, told Reuters the announcement was a “successful effort to get friends and allies to attribute the action to Beijing, but not very useful without any concrete follow-up”.
– RNZ / BBC / Reuters