China fires back: Embassy says NZ Government cyber attack accusation 'groundless, irresponsible'

The New Zealand Government's accusation that "Chinese state-sponsored actors" are behind "malicious cyber activity" in Aotearoa is "groundless and irresponsible", according to the Chinese Embassy in Wellington. 

In a coordinated condemnation of China overnight, New Zealand, the United States, the UK, Australia and other international partners said a Chinese state-sponsored entity called Advanced Persistent Threat 40 (APT 40) is linked to malicious activity in New Zealand and around the world. 

"The GCSB has worked through a robust technical attribution process in relation to this activity," said Government Communications Security Bureau (GCSB) Minister Andrew Little. "New Zealand is today joining other countries in strongly condemning this malicious activity undertaken by the Chinese Ministry of State Security (MSS) – both in New Zealand, and globally."

The GCSB also found Chinese state-sponsored actors "were responsible for the exploitation of Microsoft Exchange vulnerabilities in New Zealand in early 2021", Little said late on Monday night. Microsoft said earlier this year that its email exchange software had been infiltrated.

"New Zealand joins international condemnation of the exploitation of the Microsoft Exchange platform by Chinese state-sponsored actors, and the widespread and reckless sharing of the vulnerability, which led to other cyber actors’ exploitation of it," Little said.

"We call for an end to this type of malicious activity, which undermines global stability and security, and we urge China to take appropriate action in relation to such activity emanating from its territory."

The Chinese Embassy in Wellington has now fired back, calling the accusation "totally groundless and irresponsible".

"China expresses strong dissatisfaction and firm opposition and has already lodged solemn representation with the NZ government," a statement from a spokesperson says.

"The Chinese government is a staunch defender of cyber security and firmly opposes and fights all forms of cyber attacks and crimes in accordance with law. Given the virtual nature of cyberspace, one must have clear evidence when investigating and identifying cyber-related incidents. Making accusations without proof is malicious smear."

It goes on to say that cyber security is a challenge faced by all countries and China wants nations to strengthen dialogue on the issue. 

"We urge the New Zealand side to abandon the Cold War mentality, adopt a professional and responsible attitude when dealing with cyber incidents, and work with others to jointly tackle the challenge through dialogue and cooperation rather than manipulating political issues under the pretext of cyber security and mudslinging at others."

According to the GCSB, around 30 percent of serious malicious cyber activity against New Zealand organisations recorded by the NCSC contains indicators that can be linked to various state-sponsored actors.

An editorial in the Chinese state-owned media outlet the Global Times on Tuesday morning said the accusation was a "huge lie" and that the United States was "stirring up new geopolitical disputes by turning cyber frictions into major conflicts among countries".

"The slander against China has been excessive. Eventually, the US is defaming itself as a result of the slander. The US cannot exploit these smears to substantively attack China. If the US takes aggressive measures, carries out national-level cyber attacks on China, or imposes so-called sanctions on China, we will retaliate."

In its statement, the White House said the People’s Republic of China’s "pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world".

"Today, countries around the world are making it clear that concerns regarding the PRC’s malicious cyber activities is bringing them together to call out those activities, promote network defense and cybersecurity, and act to disrupt threats to our economies and national security."

It also announced criminal charges against Ministry of State Security hackers "addressing activities concerning a multiyear campaign targeting foreign governments and entities in key sectors, including maritime, aviation, defense, education, and healthcare in a least a dozen countries".