Malicious cyber activity attributed to Russia

The Government Communications Security Bureau (GCSB) has established clear links between the Russian government and a campaign of malicious cyber activity targeting overseas political institutions, businesses, media and sporting organisations.

“The GCSB has worked through a robust attribution process which strongly links four international malicious cyber incidents since 2015 to the Russian government,” Director-General Andrew Hampton said.

"The nature of these campaigns is complex. The GCSB’s assessment found it was highly likely the Russian military General Staff Main Intelligence Directorate (GRU) was behind the campaigns and that a number of cyber proxy groups associated with these incidents are actors of the Russian state.

“Our process considered material from our partners and our own cyber threat analysis.”

The United Kingdom’s National Cyber Security Centre has today announced it assesses the GRU is behind this activity. This analysis is consistent with the GCSB’s.

“These malicious cyber activities serve no legitimate national security interest. They were designed to negatively impact on the ability of people around the world to go about their daily lives free from interference,” Mr Hampton said.

“Such behaviour is unacceptable – it is counter to New Zealand’s vision for an open, safe and secure cyberspace.

“New Zealand organisations were not directly affected by these malicious cyber activities.  We are, however, seeing a range of activity in New Zealand that contains indicators which can be linked to Russian state actors.

“These incidents reinforce the need for New Zealand to have robust national systems to address cyber threats. Initiatives such as the GCSB’s CORTEX cyber defence capabilities and the proposed expansion of the Malware-Free Networks programme help protect our nationally significant organisations.”

The Government is taking a fresh look at the current Cyber Security Strategy to ensure New Zealand is equipped to handle increasing cyber security threats.

Further information about CORTEX or the expansion of the Malware-Free Networks can be found on the GCSB’s website. Further information about the refresh of the Cyber Security Strategy can be found on the Connect Smart website.

Media contact: 04 819 7104 /

Notes to Editors

A GCSB assessment relates to the below malicious cyber activity:

October   2017

The malware known as BadRabbit was distributed, affecting users in Ukraine and Russia.

August   2016

Confidential medical files relating to a number of international athletes were released  online. The World Anti-Doping Agency (WADA) stated publicly that this data came from a hack of its Anti-Doping Administration and Management system.

June   2016

The US Democratic National Committee (DNC) was hacked and documents were subsequently published online in an unauthorised disclosure.

July   2015

Multiple email accounts belonging to a small UK-based TV station were accessed and   content stolen.