New Zealand spies, agents monitoring huge cyberattack as US government, companies hit

Intelligence and security agencies in New Zealand are talking to potentially affected groups about the SolarWinds hack, which has targeted US Federal agencies. Photo / DC Policy Center

Local cybersecurity authorities say they're closely watching developments in a huge cyberattack some American commentators have blamed on Russia.

The New Zealand Intelligence Community (NZIC) told the Herald it was advising customers of SolarWinds, a global supplier of IT monitoring and management tools.

US federal authorities have described a "significant and ongoing cybersecurity campaign" and issued an emergency directive.

Distributed denial of service or DDoS attacks hit the New Zealand stock exchange hard. Photo / File

USA Today reported the cyberattack, believed to derive from Russia, posed a severe threat to government networks and the private sector.

"New Zealand cyber security authorities are aware that SolarWinds [has] disclosed a vulnerability in its Orion platform," the NZIC said today.

The GCSB, the National Cyber Security Centre and the government's computer Emergency Response Team (CERT) have all engaged with overseas cybersecurity partners.

The National Cyber Security Centre and CERT NZ engaged with customers on a confidential basis.

The NZIC said for this reason it would not publicly disclose the details of cyber security events reported to these two agencies.

But USA Today said the latest attacks overseas penetrated government computer systems through a popular piece of server software that SolarWinds offered.

"The threat apparently came from the same cyber espionage campaign that has afflicted cybersecurity firm FireEye, foreign governments and major corporations."

Reuters today reported Microsoft was also a victim of the suspected Russian hack using SolarWinds.

Dust settles on August attacks

Meanwhile, the GCSB cited national security reasons for withholding most information about August cyberattacks that crippled New Zealand's stock exchange.

MetService, Westpac bank, and local media outlets Stuff and Radio NZ were also targeted in the wave of attacks.

The bureau's director general Andrew Hampton said releasing information could jeopardise commercial positions of entities that supplied information about the attacks.

Hampton said the NZX suffered Distributed Denial of Service (DDoS) attacks on multiple days between August 25 and September 16.

Trading stopped for four days in a row in late August.

The National Cyber Security Centre believed a financially motivated cybercrime actor was the perpetrator.

"The nature of DDOS attacks means that internet service and external security
providers are best placed to provide and implement technical mitigations," Hampton said.

He said DDoS attacks aimed to overwhelm websites by generating excessive volumes
of otherwise seemingly legitimate web requests.

Ransom note

New Zealand's national security system was activated to run an all-of-government response.

It was previously reported the suspected attacker demanded a Bitcoin ransom from NZX.

Responding to an Official Information Act request, Hampton refused to share the ransom email, citing international relations and national defence reasons.

NZX said it wrapped up independent reviews into the DDoS attacks this month.

Mark Peterson, NZX chief executive, said the exchange was following official advice and not disclosing details of an attack or its response.