Chinese intelligence concept, ear on the flag of China. 3D rendering
The Government Communications Security Bureau (GCSB) says the Chinese government has ties to a group that is carrying out commercial espionage in multiple countries - including New Zealand.
The spy agency says it has established links between the Chinese Ministry of State Security (MSS) and a global campaign of cyber-enabled intellectual property theft - lead by a group dubbed APT 10.
"This long-running campaign targeted the intellectual property and commercial data of a number of global managed service providers, some operating in New Zealand," GCSB Director-General Andrew Hampton said.
He defined managed service providers as companies who supplied phone, internet and email services - which could be used as a gateway to hacking all of their customers. While there was evidence that global service providers with subsidiaries in NZ had been compromised, Hampton was unaware of any NZ customers having their data compromised or NZ government data being breached.
Hampton refused to name the managed-service providers when asked by the Herald.
He did offer that his decision to go public with the commercial espionage accusation was "quite separate" from the recent decision to block Chinese company Huawei from Spark's 5G mobile network upgrade.
"Today's attribution relates to a specific cyber campaign and was a decision taken by Ministers. It is completely separate from the regulatory function the GCSB carries out under TICSA," he said, in a reference to the Telecommunications (Interception Capability and Security) Act 2013], which requires telcos to run network upgrade plans past his agency for approval.
"It would be incorrect to link the two," the GCSB boss said.
However, like the Huawei decision, today's move coincided with activity by Five Eyes partners the US and the UK.
Overnight, the US Justice Department announced indictments accusing Chinese officials of coordinating a decade-long espionage campaign to steal intellectual property and other data from dozens of companies, adding to tensions amid the trade war between the two nations.
Two Chinese nationals, Zhu Hua and Zhang Shilong, were accused Thursday of coordinating with state security officials in an "extensive" hacking campaign, allegedly infiltrating 45 US companies and government agencies, as well as other firms in more than a dozen countries.
The UK Foreign Office joined in pressing the accusations, issuing a statement alleging that a group known as APT 10 acted on behalf of Chinese government "to carry out a malicious cyber campaign targeting intellectual property and sensitive commercial data in Europe, Asia and the US."
Aware from early 2017
Evidence points to APT 10 or Advanced Persistent Threat Actor 10 being a front for the Chinese security ministry, Hampton said.
"We became aware of this campaign in early 2017. Our National Cyber Security Centre (NCSC) issued advice on its website, enabling New Zealand organisations to take steps to protect their networks. We also engaged with New Zealand subsidiaries of the targeted managed service providers to assist in their response.
"The GCSB has worked through a robust attribution process in relation to this campaign. New Zealand attributes cyber incidents where it is in the national interest to do so. Our approach today is consistent with GCSB's previous attributions of cyber activity.
"Around a third of the serious incidents recorded by the NCSC can be linked to state-sponsored actors. This ongoing activity reinforces the importance of organisations having strong cyber security measures across their supply chain.
Third Canadian arrested
Meanwhile, China has detained Canadian national Sarah McIvor, saying the teacher was "illegally employed."
McIvor is the third Canadian to be arrested inside China the arrest of Huawei chief financial officer Meng Wanzhou, at the request of the US, in Vancouver on December 1, following former diplomat Michael Kovrig and businessman Michael Spavor - who were both detained for "harming national security."