Data relating to New Zealand MPs was stolen amid Chinese state-sponsored cyber espionage targeting two arms of the country’s Parliament.
Heads of New Zealand spy agency, the Government Communications Security Bureau (GCSB), have acknowledged some data was accessed in the 2021 hack but said it was not of a “strategic or sensitive” nature. It was not explained what kind of data was accessed for security reasons.
It comes as the Government says it isn’t looking to introduce sanctions against China, despite it being the first time New Zealand’s Parliament has been targeted in such a way.
GCSB minister Judith Collins revealed the hack in a statement this morning that also condemned China for its “malicious cyber activity” aimed at the UK’s Electoral Commission and members of its Parliament.
Prime Minister Christopher Luxon said calling out China for the hacking is an important step in protecting liberal democracies around the world.
The Chinese ambassador to New Zealand Wang Xiaolong has also been spoken to late this morning by senior foreign affairs officials, who urged him to convey to China New Zealand’s request to refrain from such activity in the future.
It follows reports of United States, British and Australian officials filing charges, imposing sanctions or calling out Beijing over a sweeping cyber-espionage campaign that allegedly hit millions of people, including lawmakers, academics and journalists.
Collins today said the GCSB had completed a “robust technical assessment” following “malicious cyber activity” targeting New Zealand’s Parliamentary Counsel Office and the Parliamentary Service in 2021.
Minister responsible for the GCSB Judith Collins has given more details about the Chinese interference in NZ's Parliament in 2021. Photo / Marty Melville
The assessment found the Chinese state-sponsored actors known as Advanced Persistent Threat 40 (APT 40) were responsible.
Some data was removed from the system, but based on the GCSB analysis, the data was not of a strategic or sensitive nature.
“The use of cyber-enabled espionage operations to interfere with democratic institutions and processes anywhere is unacceptable,” Collins said.
“Fortunately, in this instance, the [National Cyber Security Centre] worked with the impacted organisations to contain the activity and remove the actor shortly after they were able to access the network.
“These networks contain important information that enables the effective operation of the New Zealand government. It is critical that we protect this information from all malicious cyber threats.”
Collins said officials had raised the issue of cyber attacks with China, but the Government didn’t have plans to create legislation to put sanctions on China.
Collins said the collective response from the international community to China’s actions served as a “timely reminder” of the importance of strong cyber security measures.
“It’s important liberal democracies stand up for other liberal democracies,” Collins said.
Luxon said he was not briefed in 2021, but he has been briefed in his security meetings since becoming Prime Minister.
He said he did not bring it up during last week’s meeting with Chinese foreign minister Wang Yi and it wouldn’t disrupt any plans to travel to China.
Luxon said New Zealand has a long-standing relationship with China, but he wasn’t afraid to call out the differences in our countries.
Trade Minister Todd McClay said he did not believe New Zealand’s naming of China for spying would result in any ramifications or fallout in the trade relationship.
”As far as trade is concerned, I don’t have any concerns. We have a broad and long-standing relationship with China and it’s important New Zealand is able to express its views on the world stage. We are doing that.”
In a press conference hosted by the GCSB’s Director-General Andrew Clark and Deputy Director-General Lisa Fong, they said their analysis confidently linked the activity to China.
Clark said they haven’t seen any information to suggest New Zealand’s elections had been affected.
Data was removed from the system targeted, Clark said, but based on the GCSB analysis, the data was not of a strategic or sensitive nature.
Fong said the Speaker’s Office had engaged with any impacted MPs following the hack. The Herald is yet to receive a response from the Speaker’s Office to a request for further information.
Clark said it is not common to attribute cyber attacks to state-sponsored actors. He noted it was largely up to the government of the day to decide whether New Zealand publicly condemned a foreign state for its involvement in a cyber attack.
He said New Zealanders can feel reassured that this detection was located quickly and action was taken before sensitive information was stolen.
Clark said there were 316 cyber attacks on major New Zealand institutions last year and 23 per cent of those were attributed to state-sponsored actors.
In an earlier statement, Clark acknowledged New Zealand’s Parliamentary Council Office (PCO) and the Parliamentary Service had been “compromised by a malicious cyber actor”.
He said “extensive support” was provided to the targets of the activity to “reduce the impact of the compromise”. Advice was also given to organisations “potentially at risk by association”, but didn’t name those that received advice.
“Analysis of the tactics and techniques used by the actor enabled us to confidently link the actor to a People’s Republic of China (PRC) state-sponsored group known as APT 40,” he said.
Clark said a “comprehensive remediation plan” had been developed for the PCO and the Parliamentary Service. He cited “further improvements” that had been made to their networks.
Clark and New Zealand Security Intelligence Service Security Director-General Andrew Hampton will front the Intelligence and Security committee this evening and will face questions on China’s involvement in the cyber activity concerning New Zealand.
Foreign Minister orders officials to call Chinese ambassador
Foreign Minister Winston Peters has confirmed senior foreign affairs officials have spoken to Chinese ambassador to New Zealand Wang Xiaolong today to urge China to “refrain from such activity”.
“Foreign interference of this nature is unacceptable, and we have urged China to refrain from such activity in future,” he said.
“New Zealand will continue to speak out – consistently and predictably – where we see concerning behaviours like this.”
Peters referenced his meeting last week with Chinese Foreign Minister Wang Yi, noting that the two countries had a “significant and complex relationship”.
“We cooperate with China in some areas for mutual benefit. At the same time, we have also been consistent and clear that we will speak out on issues of concern.”
Same group behind separate 2021 Chinese hacking
In 2021, former GCSB Minister Andrew Little condemned the Chinese Ministry of State Security for its malicious cyber activity, in a separate incident to the revelations from Collins today.
APT 40, the same group named today, was said to be responsible for the incident.
In a statement at the time, Little confirmed Chinese state-sponsored actors were responsible for the exploitation of Microsoft Exchange vulnerabilities in New Zealand in early 2021.
“We call for an end to this type of malicious activity, which undermines global stability and security, and we urge China to take appropriate action in relation to such activity emanating from its territory,” Little said in a statement.
Hacks shows need for top-quality GCSB - former minister
Former GCSB Minister Chris Finlayson praised the GCSB for picking up the hack quickly and shutting it down before any sensitive intelligence could be gleaned.
”This development is very serious. There’s a very good protection system with ministers, but with the average Member of Parliament, finding out what they are up to and so on, that’s the concerning thing,” he said.
”It shows why we need a top-quality GCSB to protect the interests of the New Zealand Parliament.”
He didn’t think it reflected badly on the GCSB that the China-sponsored agent was able to breach Parliament’s cybersecurity in the first place.
”I don’t know, they’re pretty skilled. It looks as though the GCSB picked it up very quickly and acted on it, which is good.”
Finlayson declined to comment on whether the Government should sanction China, but a public condemnation was good.”It’s important that they know that we know.”
China is “sensitive” about such allegations - Hipkins
Labour leader Chris Hipkins said he endorsed the statement Collins had released today, saying cases of foreign interference were “very concerning.”
”I think interference in one country’s democratic processes by another country is something we should be incredibly concerned about.
”However, he would not say whether he thought sanctions against China or specific Chinese entities should follow. “Those are judgments for the government to make.”
Asked if he thought New Zealand should be concerned about repercussions from China, Hipkins said that generally speaking China was “sensitive” about allegations of spying.
”I imagine they won’t be happy about the fact we have gone public with this information.”
He said in the past, it had prompted “strongly-worded statements.”
Labour leader Chris Hipkins during his stand-up, where he was critical of Prime Minister Christopher Luxon accepting an accommodation allowance when he can stay at Premier House if he wanted to, Parliament, Wellington. 01 March, 2024. New Zealand Herald photograph by Mark Mitchell.
He said it would be appropriate for the Foreign Minister to call in China’s Ambassador on the issue.
He said he had not raised the issue of spying with China’s President Xi Jinping when he met with him last year in Beijing, or with China’s Premier Li Qiang.
“We obviously identify carefully when the appropriate time to raise these issues is, and we weren’t in a position to raise it when I was in China last year.”
Hipkins said today’s revelations had not been released by the previous Labour government because they had not yet reached the stage of being able to do so.
”It’s a pretty big step to name a country with foreign interference. We were going through the process of preparing to do this. We obviously didn’t quite get to the end point that involves alignment with the other partners or other international partners.”
He said “national security” was one reason why Labour had not been able to go public on this, despite relatively quickly naming China in relation to the separate incident relating to the same hacking group in 2021. He would not expand on that.
Adam Pearse is a political reporter in the NZ Herald Press Gallery team, based at Parliament. He has worked for NZME since 2018, covering sport and health for the Northern Advocate in Whangārei before moving to the NZ Herald in Auckland, covering Covid-19 and crime.
Take your Radio, Podcasts and Music with you