New Zealand stands with the United Kingdom in its condemnation of People’s Republic of China (PRC) state-backed
malicious cyber activity impacting its Electoral Commission and targeting Members of the UK Parliament.
“The use of cyber-enabled espionage operations to interfere with democratic institutions and processes anywhere is
unacceptable,” Minister Responsible for the Government Communications Security Bureau (GCSB) Judith Collins says.
The GCSB has also established links between a state-sponsored actor linked to PRC and malicious cyber activity targeting
Parliamentary entities in New Zealand.
“The GCSB’s National Cyber Security Centre (NCSC) completed a robust technical assessment following a compromise of the
Parliamentary Counsel Office and the Parliamentary Service in 2021, and has attributed this activity to a PRC
state-sponsored group known as APT40,” Ms Collins says.
“Fortunately, in this instance, the NCSC worked with the impacted organisations to contain the activity and remove the
actor shortly after they were able to access the network.
“We commend the impacted organisations for acting decisively to mitigate the impact, and for the measures they have
taken since the incident to harden their cyber defences and strengthen the resilience of their networks.
“These networks contain important information that enables the effective operation of the New Zealand government. It is
critical that we protect this information from all malicious cyber threats.”
Many of New Zealand’s international partners today shared their experiences with malicious cyber activity impacting
global democratic processes and institutions.
“This collective response from the international community serves as a timely reminder to all organisations and
individuals to have strong cyber security measures in place,” Ms Collins says.