The Government isn’t looking to introduce sanctions against China after New Zealand’s spy agency, the Government Communications Security Bureau (GCSB), has tied a state-sponsored actor linked to China to historical targeting of Parliamentary entities in New Zealand.
It comes as New Zealand joins with the United Kingdom to condemn China’s "malicious cyber activity" aimed at the UK’s Electoral Commission and members of its Parliament.
It follows reports of United States, British and Australian officials filing charges, imposing sanctions or calling out Beijing over a sweeping cyber-espionage campaign that allegedly hit millions of people, including lawmakers, academics and journalists.
Prime Minister Christopher Luxon said calling out China for the hacking is an important step in protecting liberal democracies around the world.
In a statement released this morning, the minister responsible for the GCSB, Judith Collins, said the New Zealand spy agency had completed a "robust technical assessment" following "malicious cyber activity" targeting the Parliamentary Counsel Office and the Parliamentary Service in 2021.
The assessment found the Chinese state-sponsored actors known as Advanced Persistent Threat 40 (APT 40) were responsible.
Some data was removed from the system, but based on the GCSB analysis, the data was not of a strategic or sensitive nature.
"The use of cyber-enabled espionage operations to interfere with democratic institutions and processes anywhere is unacceptable," Collins said.
"Fortunately, in this instance, the [National Cyber Security Centre] worked with the impacted organisations to contain the activity and remove the actor shortly after they were able to access the network.
"We commend the impacted organisations for acting decisively to mitigate the impact, and for the measures they have taken since the incident to harden their cyber defences and strengthen the resilience of their networks.
"These networks contain important information that enables the effective operation of the New Zealand government. It is critical that we protect this information from all malicious cyber threats."
Collins said officials have raised the issue of cyber attacks with China, but the Government doesn’t have plans to create legislation to put sanctions on China.
Collins said the collective response from the international community to China’s actions served as a "timely reminder" of the importance of strong cyber security measures.
"It’s important liberal democracies stand up for other liberal democracies," Collins said.
She said she trusts her security agencies when they say these attacks come from China.
Collins was not aware of any MPs being targeted by hacks.
Luxon said he was not briefed in 2021, but he has been briefed in his security meetings since becoming Prime Minister.
He said he did not bring it up during last week’s meeting with Chinese foreign minister Wang Yi and it wouldn’t disrupt his planned trip to China later this year.
Luxon said New Zealand has a long-standing relationship with China, but he wasn’t afraid to call out the differences in our countries.
Trade Minister Todd McClay said he did not believe New Zealand’s naming of China for spying would result in any ramifications or fallout in the trade relationship.
"As far as trade is concerned, I don’t have any concerns. We have a broad and long-standing relationship with China and it’s important New Zealand is able to express its views on the world stage. We are doing that."
In a press conference hosted by the GCSB’s Director-General, Andrew Clark and Deputy Director-General GCSB, Lisa Fong, said their analysis confidently linked the activity to China.
Clark said they haven’t seen any information to suggest the electoral process has been affected.
Data was removed from the system targeted, Clark said, but based on the GCSB analysis, the data was not of a strategic or sensitive nature.
Clark said it is not common to attribute cyber attacks to state-sponsored actors.
He said New Zealanders can feel reassured that this detection was located quickly and action was taken before sensitive information was stolen.
Clark said there were 316 cyber attacks on major New Zealand institutions last year and 23 per cent of those were attributed to state actors.
In a statement, Clark acknowledged New Zealand’s Parliamentary Council Office (PCO) and the Parliamentary Service had been "compromised by a malicious cyber actor".
He said "extensive support" was provided to the targets of the activity to "reduce the impact of the compromise". Advice was also given to organisations "potentially at risk by association", but didn’t name those that received advice.
"Analysis of the tactics and techniques used by the actor enabled us to confidently link the actor to a People’s Republic of China (PRC) state-sponsored group known as APT 40," he said.
"This link has been reinforced by analysis from international partners of similar events in their own jurisdictions."
Clark said a "comprehensive remediation plan" had been developed for the PCO and the Parliamentary Service. He cited "further improvements" that had been made to their networks.
Clark and New Zealand Security Intelligence Service Security Director-General Andrew Hampton will front the Intelligence and Security committee this evening and will face questions on China’s involvement in the cyber activity concerning New Zealand.
Same group behind separate 2021 Chinese hacking
In 2021, former GCSB Minister Andrew Little condemned the Chinese Ministry of State Security for its malicious cyber activity, in a separate incident to the revelations from Collins today.
APT 40, the same group named today, was said to be responsible for the incident.
In a statement at the time, Little confirmed Chinese state-sponsored actors were responsible for the exploitation of Microsoft Exchange vulnerabilities in New Zealand in early 2021.
"We call for an end to this type of malicious activity, which undermines global stability and security, and we urge China to take appropriate action in relation to such activity emanating from its territory," Little said in a statement.
China is "sensitive" about such allegations - Hipkins
Labour leader Chris Hipkins said he endorsed the statement Collins had released today, saying cases of foreign interference were "very concerning."
"I think interference in one country’s democratic processes by another country is something we should be incredibly concerned about.
"However, he would not say whether he thought sanctions against China or specific Chinese entities should follow. "Those are judgments for the government to make."
Asked if he thought New Zealand should be concerned about repercussions from China, Hipkins said that generally speaking China was "sensitive" about allegations of spying.
"I imagine they won’t be happy about the fact we have gone public with this information."
He said in the past, it had prompted "strongly worded statements".
He said it would be appropriate for the Foreign Minister to call in China’s Ambassador on the issue.
He said he had not raised the issue of spying with China’s President Xi Jinping when he met with him last year in Beijing, or with China’s Premier Li Qiang.
"We obviously identify carefully when the appropriate time to raise these issues is, and we weren’t in a position to raise it when I was in China last year."
Hipkins said today’s revelations had not been released by the previous Labour government because they had not yet reached the stage of being able to do so.
"It’s a pretty big step to name a country with foreign interference. We were going through the process of preparing to do this. We obviously didn’t quite get to the end point that involves alignment with the other partners or other international partners."
He said "national security" was one reason why Labour had not been able to go public on this, despite relatively quickly naming China in relation to the separate incident relating to the same hacking group in 2021. He would not expand on that.
