Top storiesNew ZealandPoliticsBusinessEntertainmentSportsWorld

GCSB not confirming report China responsible for surge in cyber espionage

Tuesday, 20 November 2018

How a rift between the US and China is overshadowing the APEC meeting in Papua New Guinea.

The Government Communications Security Bureau is not confirming a report that China is behind espionage attacks on Australian businesses and other 'Five Eyes' countries.

Australian media companies Fairfax Media and Nine Entertainment reported China's Ministry of State Security was responsible for 'Operation Cloud Hopper' and a surge in cyber espionage against Australian companies over the past year.

Fairfax Media, which is the parent of Stuff, quoted unnamed Australian officials as claiming the activity breached an agreement between Chinese premier Li Keqiang and former Australian prime minister Malcolm Turnbull 'to not steal each other's commercial secrets'.

China responsible for
China responsible for 'Operation Cloud Hopper' espionage, Fairfax/Nine investigation finds.

​GCSB director-general Andrew Hampton said Operation Cloud Hopper was 'a significant international cyber security event' but said attributing attacks was 'complex'.

Private security firms have pointed the finger at China. But 'to date, no government has attributed the campaign', Hampton said.

**READ MORE:

* Jacinda Ardern seeks more details on Russian hacking claims

* GCSB boss says there are indications Russian state-backed hackers directly threatened NZ

* GCSB marks sharp rise in cyber attacks targeting New Zealand - some state-sponsored**

He would also not confirm New Zealand organisations had been targeted or had information stolen as a result of Cloud Hopper, saying it was 'a long standing practice that I do not comment on what may, or may not be operational'.

The statement leaves Russia and North Korea as the only two countries to have been directly accused of cyber attacks by New Zealand.

Hampton said in October that the bureau had established 'clear links' between the Russian government and a separate campaign of 'malicious cyber activity' targeting overseas political institutions, businesses, media and sporting organisations, describing that as 'unacceptable'.

He said then that New Zealand organisations were not directly affected by those activities but that the GCSB had seen 'a range of activity in New Zealand that contains indicators which can be linked to Russian state actors'.

The National Cyber Security Centre (NSCS), which is part of the GCSB, recorded 122 incidents in the 2016-17 year involving 'indicators' that had been previously been linked to 'state-sponsored actors'.

But its report did not name any individual countries as being responsible.

Consultant PwC reported on Operation Cloud Hopper in April last year, describing it as one of the 'largest ever sustained global cyber espionage campaigns'.

The campaign targeted IT service providers allowing the attackers – which it did not identify but referred to as 'Red Apollo' – unprecedented potential access to the intellectual property and sensitive data of those business 'and their clients globally', PwC said at the time.

Government Communications Security Bureau director Andrew Hampton identified
Government Communications Security Bureau director Andrew Hampton identified 'clear links' between Russia and separate cyber attacks in October.

The NCSC said last year it was aware of the campaign and had provided advice 'on threat protection and response' to key government and private sector organisations in New Zealand – again without naming any country as being responsible.

The Sydney Morning Herald quoted an unnamed senior Australian government source describing China's activity as 'a constant, significant effort to steal our intellectual property'.

In October, the US Department of Justice accused China's Ministry of State Security of hacking an Australian domain name provider, identified only as 'Company L', in order to access computer systems at aviation companies in the United States and Europe.

Hampton said Cloud Hopper exposed the vulnerability of supply chains. 'When organisations are thinking about outsourcing their cyber security they need to aware of the risks,' he said.