Malicious cyber activity attributed to Russia
The Government Communications Security Bureau (GCSB) has established clear links between the Russian government and a
campaign of malicious cyber activity targeting overseas political institutions, businesses, media and sporting
organisations.
“The GCSB has worked through a robust attribution process which strongly links four international malicious cyber
incidents since 2015 to the Russian government,” Director-General Andrew Hampton said.
"The nature of these campaigns is complex. The GCSB’s assessment found it was highly likely the Russian military General
Staff Main Intelligence Directorate (GRU) was behind the campaigns and that a number of cyber proxy groups associated
with these incidents are actors of the Russian state.
“Our process considered material from our partners and our own cyber threat analysis.”
The United Kingdom’s National Cyber Security Centre has today announced it assesses the GRU is behind this activity.
This analysis is consistent with the GCSB’s.
“These malicious cyber activities serve no legitimate national security interest. They were designed to negatively
impact on the ability of people around the world to go about their daily lives free from interference,” Mr Hampton said.
“Such behaviour is unacceptable – it is counter to New Zealand’s vision for an open, safe and secure cyberspace.
“New Zealand organisations were not directly affected by these malicious cyber activities. We are, however, seeing a
range of activity in New Zealand that contains indicators which can be linked to Russian state actors.
“These incidents reinforce the need for New Zealand to have robust national systems to address cyber threats.
Initiatives such as the GCSB’s CORTEX cyber defence capabilities and the proposed expansion of the Malware-Free Networks
programme help protect our nationally significant organisations.”
The Government is taking a fresh look at the current Cyber Security Strategy to ensure New Zealand is equipped to handle
increasing cyber security threats.
Further information about CORTEX or the expansion of the Malware-Free Networks can be found on the GCSB’s website. Further information about the refresh of the Cyber Security Strategy can be found on the Connect Smart website.
Notes to Editors
A GCSB assessment relates to the below malicious cyber activity:
October 2017 The malware known as BadRabbit was distributed, affecting users in Ukraine and Russia.
August 2016 Confidential medical files relating to a number of international athletes were released online. The World Anti-Doping Agency (WADA) stated publicly that this data came from a hack of its Anti-Doping Administration and Management system.
June 2016 The US Democratic National Committee (DNC) was hacked and documents were subsequently published online in an unauthorised disclosure.
July 2015 Multiple email accounts belonging to a small UK-based TV station were accessed and content stolen.