Cyber campaign attributed to China

The Government Communications Security Bureau (GCSB) has established links between the Chinese Ministry of State Security (MSS) and a global campaign of cyber-enabled commercial intellectual property theft. 

“This long-running campaign targeted the intellectual property and commercial data of a number of global managed service providers, some operating in New Zealand,” Director-General of the GCSB Andrew Hampton said.

“This activity is counter to the commitment all APEC economies, including China, made in November 2016. APEC economies agreed they should not conduct or support ICT-enabled theft of intellectual property or other confidential business information, for commercial advantage.

“New Zealand is committed to upholding the rules-based international order, and today joins likeminded partners in expressing that such cyber campaigns are unacceptable.

“We became aware of this campaign in early 2017. Our National Cyber Security Centre (NCSC) issued advice on its website, enabling New Zealand organisations to take steps to protect their networks. We also engaged with New Zealand subsidiaries of the targeted managed service providers to assist in their response.

“The GCSB has worked through a robust attribution process in relation to this campaign. New Zealand attributes cyber incidents where it is in the national interest to do so. Our approach today is consistent with GCSB’s previous attributions of cyber activity.

“Around a third of the serious incidents recorded by the NCSC can be linked to state-sponsored actors. This ongoing activity reinforces the importance of organisations having strong cyber security measures across their supply chain.

“Cyber-security is a team effort and the NCSC encourages organisations to take the time to ensure they have their security settings right,” Mr Hampton said.

The advice issued to MSPs in 2017 is available here.

Media contact: or 04 819 7104

Note to editors:

Managed Service Providers provide a range of technology services to their clients including telephony, internet access and email services. This means they may have high level access to their client’s networks. The client is reliant on the integrity of the MSP to ensure appropriate security practices are maintained

The National Cyber Security Centre, part of the GCSB, works with New Zealand’s most significant public and private sector organisations to protect their information systems from high impact and advanced cyber-borne threats.

NCSC has today released its annual Cyber Threat Report. This report highlights the changing trends in New Zealand’s cyber threat landscape. This includes an overall increase in state-sponsored activity from a range of actors, changing tactics and technologies being deployed. The report also highlights that as deployment of CORTEX cyber defence capabilities for organisations of national significance matures it is helping to detect and disrupt threats at an earlier stage. A copy of the report is available here.

Earlier this year the Government announced that some CORTEX capabilities will be expanded to help protect a greater number of nationally significant organisations through the Malware-Free Networks programme.

Further information about New Zealand’s cyber resilience and tips on how it can be improved can be found in this report published by the NCSC in October 2018 here.