The minister in charge of New Zealand’s Government Communication Security Bureau, and Security Intelligence Service has revealed that a group of hackers compromised the systems of the Parliamentary Counsel’s Office (PCO), Parliamentary Services, and the Electoral Commission in 2021.
The hackers—known as Advanced Persistent Threat 40 (APT40)—are sponsored by the Chinese Communist Party.
The PCO drafts and revises New Zealand government bills (except Inland Revenue Bills) and has early access to government thinking on policy well before the final draft of any Bill is introduced to Parliament.
The Parliamentary Service employs staff who support MPs (and thus collect and hold their personal information); provides security for Parliament itself, as well as MP electorate offices; running ICT services; and monitoring MP travel.
The Electoral Commission is charged with all aspects of running national elections, including vote counting and maintaining the electoral roll—including a confidential roll, not available to the public, which includes the names and addresses of people in sensitive government jobs including those working in NZ’s intelligence sector.
GCSB Director Andrew Clark told a press conference that its analysis “enabled us to confidently link the actor to the People’s Republic of China—specifically to the Ministry of State Security. This link has been reinforced by analysis from international partners of similar events in their own jurisdictions.”
He said it would be speculative to suggest what the hackers were trying to achieve, but attacks like this tend to focus on gaining a strategic advantage, theft of intellectual property, and sometimes to “facilitate foreign interference in other countries.”
Beijing Still a ‘Good Friend’: Security Minister
Defence Minister Judith Collins revealed that the breach was detected quickly and the hacker was removed soon after.She described the cyber attacks as part of a “pattern of behaviour” that was “totally unacceptable” but added that, “China is a very good friend and we obviously have a long-term relationship with them.”
Foreign Minister Winston Peters has confirmed New Zealand’s concerns about Beijing’s malicious attacks have been conveyed directly to the CCP.
“The Prime Minister and Minister Collins have expressed concerns today about malicious cyber activity, attributed to groups sponsored by the Chinese Government, targeting democratic institutions in both New Zealand and the United Kingdom,” Mr. Peters said.
Not Raised During Foreign Minister’s Visit
However, despite admitting he had been informed of the hack earlier this month, Prime Minister Christopher Luxon did not raise the issue with Beijing’s Foreign Minister Wang Yi when he visited the country last week.When questioned about the issue he said, “This is the very first time we have publicly attributed China to interference in our democratic processes and institutions, this is also we’re standing up with like-minded countries that have values that we want to protect liberal democracies around the world and I think it’s the right response,” the prime minister told reporters in Parliament.
He defended the delay in pointing the finger at Beijing, saying, “It takes time. And so there was an immediate response and identification. It was good mitigation. And then we spend time building the case of attribution to make sure when we make a statement like this we can publicly attribute it.”
He said there is no evidence the electoral commission or elections have been interfered with by the CCP, and confirmed that New Zealand would continue to cooperate with Beijing “incredibly strongly on developing trade” while calling out any state that attacked its democratic institutions.
Labour leader Chris Hipkins backed that approach, saying naming a country behind foreign interference was a major step, and there was a process that needed to be done beforehand, which was why his government had not done so after the first attack in 2021.
“We were going through the process of preparing to do that. We obviously didn’t quite get to the endpoint—that involves alignment with the other partners, our other international partners. I would have liked to have been able to do it earlier but I endorse the statement that Judith Collins has released,” the opposition leader said.
