New Zealand has joined Britain in accusing China of sponsoring hacking groups in their attempts to steal sensitive information from Western countries.
The country’s government has pointed the finger at a group tracked as APT40 that has been linked to a breach of the Parliamentary Counsel Office and Parliamentary Service in 2021, around the same time Britain suffered a similar attack .
The United States has charged several people in connection with a hacking operation that has been going on for fourteen years and may have affected millions of Americans.
Western condemnation of Beijing-backed hacking scandals
Announcing the attack on New Zealand’s parliamentary organizations, Attorney General and Defense Minister Judith Collins said the security services had “completed a robust technical assessment following a compromise between the Parliamentary Counsel Office and the Parliamentary Service in 2021 , and has attributed this activity to a PRC-sponsored group known as APT40.”
Collins continued, stating that the Government Communications Security Bureau (GCSB) and New Zealand’s National Cyber Security Center (NCSC) “worked with the affected organizations to contain the activity and remove the actor shortly after gaining access got into the network.”
Australia backed New Zealand’s criticism of China’s involvement in a number of cyber attacks targeting Western national security, with Home Secretary Claire O’Neill and Foreign Secretary Penny Wong sharing their “serious concerns about malicious cyber activity of Chinese state-backed actors targeting British democratic institutions and parliamentarians.”
Don Smith, VP Threat Intelligence, Secureworks Counter Threat Unit (CTU), said of the recent wave of accusations against Beijing’s sponsorship of hacking attempts: “Chinese state-sponsored cyber espionage is not a new threat. Britain and the US have been calling for these covert operations for several years. From China’s perspective, the purpose of cyber espionage is to gain access to information that will advance the agenda of the People’s Republic of China.”
“In recent years, tired of having their operations bungled and exposed publicly, the Chinese have increasingly emphasized stealth in cyber espionage attacks. This is a change in MO from the previous ‘smash and grab’ reputation, but it is seen by the Chinese as a necessary evolution towards one, making it harder to get caught and two, making it almost impossible to get a attack attributable to them.” Smith continued.
“Specifically, this has manifested itself in four key areas: obscured networks; Living on the edge; Living off the land and living in the cloud. Combined, these tactics make identifying malicious activity more difficult, but more importantly, complicate attribution.”
Through The register