Parliamentary network breached by the PRC

  • Hon Judith Collins

New Zealand stands with the United Kingdom in its condemnation of People’s Republic of China (PRC) state-backed malicious cyber activity impacting its Electoral Commission and targeting Members of the UK Parliament.

“The use of cyber-enabled espionage operations to interfere with democratic institutions and processes anywhere is unacceptable,” Minister Responsible for the Government Communications Security Bureau (GCSB) Judith Collins says.

The GCSB has also established links between a state-sponsored actor linked to PRC and malicious cyber activity targeting Parliamentary entities in New Zealand.

“The GCSB’s National Cyber Security Centre (NCSC) completed a robust technical assessment following a compromise of the Parliamentary Counsel Office and the Parliamentary Service in 2021, and has attributed this activity to a PRC state-sponsored group known as APT40,” Ms Collins says.

“Fortunately, in this instance, the NCSC worked with the impacted organisations to contain the activity and remove the actor shortly after they were able to access the network.

“We commend the impacted organisations for acting decisively to mitigate the impact, and for the measures they have taken since the incident to harden their cyber defences and strengthen the resilience of their networks.

“These networks contain important information that enables the effective operation of the New Zealand government. It is critical that we protect this information from all malicious cyber threats.”

Many of New Zealand’s international partners today shared their experiences with malicious cyber activity impacting global democratic processes and institutions.

“This collective response from the international community serves as a timely reminder to all organisations and individuals to have strong cyber security measures in place,” Ms Collins says.

/Public Release. View in full here.