Tirohanga whānui Overview

The growing availability of effective malicious cyber tools, compromised credentials, and vulnerabilities in public-facing infrastructure has made it easier for malicious cyber actors to work at scale, and with the sophistication required to cause national-level harm. It is likely more politically or ideologically motivated groups and individuals have access to the cyber tools they require to cause real-world impacts, and they are further galvanised by domestic and global events. The effects of Russia’s invasion of Ukraine in February 2022 continue to be felt in cyberspace, too. While the direct cyber threat to Aotearoa New Zealand has not changed as a result of the invasion, the number and frequency of destructive or disruptive malicious cyber incidents globally has likely increased. 

The first section of this report provides the NCSC’s view of cyber threats affecting Aotearoa New Zealand. Based on our observations of the domestic cyber threat landscape, the report also provides advice on the steps organisations can take to mitigate the most significant threats seen this year. We work every day to protect Aotearoa New Zealand’s prosperity and security through the provision of trusted cyber security services. However, all organisations play a part in protecting New Zealanders’ privacy and security by adopting good cyber security practices.

Some of the key themes we explore include the continued effects of cyber criminal activity and extortion. We see ransomware imposing significant costs and requiring substantial recovery efforts. We increasingly see malicious cyber activity with downstream impacts, as Aotearoa New Zealand’s digital supply chain is only growing in depth and interconnectedness. Phishing and other forms of social engineering are ubiquitous and effective. However, new techniques and emerging technology such as generative AI will almost certainly enable more convincing and targeted lures, potentially leading to a heightened pace of compromise.

During the 2022/2023 year, the NCSC contributed to several cyber security advisories, publicly identifying sophisticated malicious cyber activity and providing steps to detect and mitigate its impact.

In May 2023, we joined international cyber security partners in disclosing technical information about malicious software (malware) associated with Russia’s Federal Security Service (FSB). In the same month, the NCSC joined its like-minded partners to identify techniques associated with the stealthy compromise of critical infrastructure. By ‘living off the land’, sophisticated cyber actors from the People’s Republic of China (PRC) were able to use legitimate tools existing on victim networks to maintain access to significant targets overseas, without detection.

The NCSC also continued to expand the coverage of its MFN® threat detection and disruption service, by adding new partners. A major milestone was the delivery of MFN to a telecommunications service provider’s domestic customer base, reaching a significant proportion of the Aotearoa New Zealand mobile telecommunications market. These increasing and deepening partnerships mean the NCSC is offering unprecedented threat protection, with millions of New Zealanders now benefitting from MFN. Through anonymised reporting derived from MFN partners, the NCSC is developing its understanding of the cyber threat environment as it affects a significant segment of New Zealanders. We look forward to providing additional insights in time.

This report also identifies trends in the international cyber threat landscape, over which Russia’s invasion of Ukraine still casts a shadow. A theme of the reporting year has been the rise of issue-motivated malicious cyber actors on both sides of the conflict. The NCSC remains concerned about unintended impacts as a result of disruptive malicious cyber activity stemming from the Russia Ukraine conflict. Elsewhere, the discovery of a range of new botnets, as well as high-impact extortionate activity, threats to the security supply chain, and the convergence of information operations with malicious cyber activity have caused concern. Meanwhile, international law enforcement coalitions have also successfully imposed costs on cyber criminal operations.

The NCSC continues to observe a complex cyber threat environment. The sophistication and persistence of malicious cyber actors, both state-sponsored and financially motivated, continue to lead to significant cyber events. Additionally, the blurring distinction between state-sponsored and criminal cyber activity continues to increase, creating challenges for cyber investigators to understand the motives of malicious cyber actors.

For more information about NCSC services or guidance, visit our website (www.ncsc.govt.nz). For readers unfamiliar with any of the terms used, or how the NCSC defines them, a glossary is provided at the end of this report.