China cyber attacks in New Zealand, other Western countries like 'rampaging and looting in a mall' - security consultant

China's malicious state-sponsored cyber-attacks in New Zealand and other Western countries have been compared to "looting in a mall" by a top security consultant.

Beijing is being blamed for an attack earlier this year on Microsoft Exchange, which targeted companies and government agencies around the globe. 

Four Chinese nationals have been arrested in the US as a result.

Security consultant Paul Buchanan told The AM Show while China was identified as the likely hacking culprit in March, new developments have prompted the US and its allies - including New Zealand - to speak out.

"This attack involved, at first, hackers from the [Chinese] Ministry of State Security going into [Microsoft] Exchange - but then when Microsoft announced they were developing a patch, they shared their information about the vulnerability with criminal organisations.

"So now you have, like in Russia, the overlap between criminal entities seeking profit and state actors seeking intelligence of all sorts - and that's a new development for the Chinese."

Buchanan said Chinese state agencies essentially "opened the doors" when Microsoft announced its patch for Exchange.

"It went from being a targeted attack - like theft at a jewellery store - to what has been characterised as a ram raid or 'smash and grab' attack, where everybody jumped in. It would be like people rampaging and looting in a mall.

"That change of behaviour is what has now prompted this response, and this response is different for several reasons; first of all, because now the Five Eyes partners, NATO, the EU, Japan and New Zealand have pinpointed who the criminals and state actors in China were - they've named them by name which they've never done before."

Buchanan said the Chinese government being publicly called out resulted from "private diplomacy" not working.

But he said New Zealand was the "most vulnerable" of the countries involved in the "naming and shaming".

International law expert Al Gillespie, from the University of Waikato, said it was significant China had been called out.

"We have called out Russia before, and I think North Korea too. Calling out China, especially at this delicate time in our relationship with them, takes a lot of courage."

But Prof Gillespie said, internationally, cyber-security law is a "mess".

"At the international level, there is a treaty on cyber-crime. This allows for mutual assistance on such matters and extradition when focusing on criminals. 

"There is no treaty on cyber-attacks that are state-based. There should be, but there is not."