New Zealand reportedly notified China on Tuesday about a concern that Beijing was allegedly involved in a state-sponsored cyberattack on the New Zealand parliament in 2021 that was discovered by the nation's intelligence services.
The disclosures that data was obtained via malevolent cyberattacks directed at New Zealand's legislative bodies coincide with the accusations made by the United States and Britain against China for conducting a broad-scale cyberespionage operation. Australia and New Zealand have both denounced the wider activity.
New Zealand's Foreign Minister Winston Peters said in a statement, “Foreign interference of this nature is unacceptable, and we have urged China to refrain from such activity in future."
He said that the Chinese ambassador had been informed about concerns regarding cyber activity that was purportedly carried out by groups supported by the Chinese government, which was directed towards democratic institutions in both the United Kingdom and New Zealand.
On Tuesday, a parliamentary committee was informed by a senior intelligence official in New Zealand that seven of its citizens had trained China's military during the previous 18 months, posing a "major national security risk."
In an email, a spokesman for the Chinese Embassy in New Zealand stated that they reject "outright such groundless and irresponsible accusations" and that they have communicated their displeasure and unwavering opposition to the authorities in New Zealand.
"We have never, nor will we in the future, interfere in the internal affairs of other countries, including New Zealand. Accusing China of foreign interference is completely barking up the wrong tree," the spokesperson said.
The government announced earlier on Tuesday that links had been found between malicious cyber activity targeting New Zealand's parliamentary services and parliamentary counsel office in 2021 and Advanced Persistent Threat 40 (APT40), a Chinese state-sponsored actor. Links were established by the Communications Security Bureau (GCSB), which oversees cyber security and signals intelligence.
APT40 is connected to the Ministry of State Security, according to the GCSB.
It further stated that while APT40 had obtained access to critical data that the New Zealand government needs to function effectively, none of the sensitive or critical data had been deleted. Rather, the GCSB stated that it thought the group had eliminated more technical information that would have permitted more invasive actions.
According to the GCSB, state-sponsored actors were implicated in 23 percent of the 316 malicious cyber events that involved nationally significant organizations during the previous fiscal year.
China was not directly blamed for these attacks, and New Zealand denounced the Russian government's malevolent cyberactivity last year.
"It is unacceptable for any minister in charge of the GCSB to use cyber-enabled espionage operations to meddle in democratic institutions and processes."
Late on Monday, officials from the United States and the United Kingdom levied charges, enforced sanctions, and charged Beijing with a massive cyber espionage campaign that targeted millions of individuals, including lawmakers, academics, journalists, and businesses, such as defense contractors.
The hacking group responsible was dubbed Advanced Persistent Threat 31, or "APT31," by American and British officials, who also claimed that it was a branch of China's Ministry of State Security. Officials listed a long list of targets, including British parliamentarians, U.S. senators, White House staffers, and foreign officials who had voiced criticism of Beijing. Security firms, dissidents, and defense contractors were also targeted, according to officials from the two nations.
Australia's Home Affairs Minister Clare O'Neil and Foreign Minister Penny Wong issued a joint statement stating that persistent attacks on democratic institutions and procedures have repercussions for open and democratic nations like Australia. It declared that this behavior was intolerable and had to end.
Prior to the general election in 2019, Australian intelligence identified China as the source of a cyberattack on the country's national parliament and three major political parties. However, the Australian government never made the identity of the attackers publicly known.
Director-General of Security Andrew Hampton of New Zealand's Security Intelligence Service reported to a parliamentary committee on Tuesday that seven nationals had resigned from positions at firms that supplied China's military with training.
He said, "They were passing on their training and expertise from their previous employment with partner militaries and the New Zealand Defence Force." "This conduct undoubtedly presents a serious threat to national security."
