{ "id": "1fcf9a88-22d9-471d-9380-6e7e3304f89d", "created_at": "2026-04-06T00:07:55.685859Z", "updated_at": "2026-04-10T03:35:46.138166Z", "deleted_at": null, "sha1_hash": "19d5741bdcc2ab48eab45e280a54e85a9f913cec", "title": "Government points finger at China over cyber attacks", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 920687, "plain_text": "Government points finger at China over cyber attacks\r\nBy RNZ News\r\nPublished: 2021-07-19 ยท Archived: 2026-04-05 13:01:43 UTC\r\nNavigation for News Categories\r\nThe government says it has uncovered evidence of Chinese state-sponsored cyber attacks in New Zealand.\r\nChina should take appropriate action to stop cyber attack activity originating from its territory, Andrew Little says.\r\nPhoto: RNZ / Dom Thomas\r\nGCSB Minister Andrew Little said that the foreign intelligence agency has established links between Chinese\r\nstate-sponsored actors known as Advanced Persistent Threat 40 (APT40) and malicious cyber activity in New\r\nZealand.\r\nThe GCSB had \"worked through a robust technical attribution process\" to establish its conclusions, Little said.\r\nHe said the government is joining other countries in strongly condemning what the Chinese Ministry of State\r\nSecurity has been doing both in New Zealand and globally.\r\n\"Separately, the GCSB has also confirmed Chinese state-sponsored actors were responsible for the exploitation of\r\nMicrosoft Exchange vulnerabilities in New Zealand in early 2021.\r\nhttps://www.rnz.co.nz/news/political/447239/government-points-finger-at-china-over-cyber-attacks\r\nPage 1 of 3\n\n\"We call for an end to this type of malicious activity, which undermines global stability and security, and we urge\r\nChina to take appropriate action in relation to such activity emanating from its territory,\" Little said in a statement.\r\nMicrosoft email servers have been targeted and Little said the GCSB has helped the affected local organisations.\r\nIn March New Zealanders were warned to be concerned and act swiftly after a massive email hack that was\r\nblamed on China.\r\nLittle will not be naming the victims citing national security and commercial confidentiality.\r\nIt reinforced the importance of organisations and individuals having strong cyber security measures in place, the\r\nminister said.\r\nThe GCSB said about 30 percent of serious malicious cyber activity in this country can be linked to various state-sponsored actors.\r\nRead more:\r\nThe Red Line series\r\nNZ risks giving China 'coercive power' over economy - US General\r\nChinese Communist Party spies in NZ universities, lecturers suspect\r\nYoung Uyghur living in NZ fears his family could be in XinJiang concentration camp\r\nMerry Xmas Mr Key - your friend, President Xi\r\nUK also blames Chinese-backed actors for Microsoft hacking\r\nNew Zealand joined the US, UK and the EU, along with Australia and other countries, in condemning malicious\r\ncyber activity.\r\nUS Secretary of State Antony Blinken said it posed \"a major threat to our economic and national security.\"\r\nBritain said on Monday that it and its partners held Chinese state-backed groups responsible for \"a pervasive\r\npattern of hacking\" involving attacks on Microsoft Exchange servers.\r\nThe attacks took place earlier this year and affected more than a quarter of a million servers worldwide, the British\r\nforeign ministry said.\r\n\"The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar\r\npattern of behaviour,\" British foreign minister Dominic Raab said in a statement.\r\n\"The Chinese government must end this systematic cyber sabotage and can expect to be held to account if it does\r\nnot.\"\r\nThe foreign office said the attack was \"highly likely to enable large-scale espionage\".\r\nIt added Britain and its allies attributed the Chinese Ministry of State Security as being behind the hacking groups\r\nknown by security experts as \"APT40\" and \"APT31\".\r\nhttps://www.rnz.co.nz/news/political/447239/government-points-finger-at-china-over-cyber-attacks\r\nPage 2 of 3\n\n- RNZ / Reuters\r\nSource: https://www.rnz.co.nz/news/political/447239/government-points-finger-at-china-over-cyber-attacks\r\nhttps://www.rnz.co.nz/news/political/447239/government-points-finger-at-china-over-cyber-attacks\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "references": [ "https://www.rnz.co.nz/news/political/447239/government-points-finger-at-china-over-cyber-attacks" ], "report_names": [ "government-points-finger-at-china-over-cyber-attacks" ], "threat_actors": [ { "id": "16f2436b-5f84-44e3-a306-f1f9e92f7bea", "created_at": "2023-01-06T13:46:38.745572Z", "updated_at": "2026-04-10T02:00:03.086207Z", "deleted_at": null, "main_name": "APT40", "aliases": [ "ATK29", "Red Ladon", "MUDCARP", "ISLANDDREAMS", "TEMP.Periscope", "KRYPTONITE PANDA", "G0065", "TA423", "ITG09", "Gingham Typhoon", "TEMP.Jumper", "BRONZE MOHAWK", "GADOLINIUM" ], "source_name": "MISPGALAXY:APT40", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "aacd5cbc-604b-4b6e-9e58-ef96c5d1a784", "created_at": "2023-01-06T13:46:38.953463Z", "updated_at": "2026-04-10T02:00:03.159523Z", "deleted_at": null, "main_name": "APT31", "aliases": [ "JUDGMENT PANDA", "BRONZE VINEWOOD", "Red keres", "Violet Typhoon", "TA412" ], "source_name": "MISPGALAXY:APT31", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "9e6186dd-9334-4aac-9957-98f022cd3871", "created_at": "2022-10-25T15:50:23.357398Z", "updated_at": "2026-04-10T02:00:05.368552Z", "deleted_at": null, "main_name": "ZIRCONIUM", "aliases": [ "APT31", "Violet Typhoon" ], "source_name": "MITRE:ZIRCONIUM", "tools": null, "source_id": "MITRE", "reports": null }, { "id": "83025f5e-302e-46b0-baf6-650a4d313dfc", "created_at": "2024-05-01T02:03:07.971863Z", "updated_at": "2026-04-10T02:00:03.743131Z", "deleted_at": null, "main_name": "BRONZE MOHAWK", "aliases": [ "APT40 ", "GADOLINIUM ", "Gingham Typhoon ", "Kryptonite Panda ", "Leviathan ", "Nanhaishu ", "Pickleworm ", "Red Ladon ", "TA423 ", "Temp.Jumper ", "Temp.Periscope " ], "source_name": "Secureworks:BRONZE MOHAWK", "tools": [ "AIRBREAK", "BlackCoffee", "China Chopper", "Cobalt Strike", "DadJoke", "Donut", "FUSIONBLAZE", "GreenCrash", "Meterpreter", "Nanhaishu", "Orz", "SeDll" ], "source_id": "Secureworks", "reports": null }, { "id": "59be3740-c8c7-47aa-84c8-e80d0cb7ea3a", "created_at": "2022-10-25T15:50:23.481057Z", "updated_at": "2026-04-10T02:00:05.306469Z", "deleted_at": null, "main_name": "Leviathan", "aliases": [ "MUDCARP", "Kryptonite Panda", "Gadolinium", "BRONZE MOHAWK", "TEMP.Jumper", "APT40", "TEMP.Periscope", "Gingham Typhoon" ], "source_name": "MITRE:Leviathan", "tools": [ "Windows Credential Editor", "BITSAdmin", "HOMEFRY", "Derusbi", "at", "BLACKCOFFEE", "BADFLICK", "gh0st RAT", "PowerSploit", "MURKYTOP", "NanHaiShu", "Orz", "Cobalt Strike", "China Chopper" ], "source_id": "MITRE", "reports": null }, { "id": "74d9dada-0106-414a-8bb9-b0d527db7756", "created_at": "2025-08-07T02:03:24.69718Z", "updated_at": "2026-04-10T02:00:03.733346Z", "deleted_at": null, "main_name": "BRONZE VINEWOOD", "aliases": [ "APT31 ", "BRONZE EXPRESS ", "Judgment Panda ", "Red Keres", "TA412", "VINEWOOD ", "Violet Typhoon ", "ZIRCONIUM " ], "source_name": "Secureworks:BRONZE VINEWOOD", "tools": [ "DropboxAES RAT", "HanaLoader", "Metasploit", "Mimikatz", "Reverse ICMP shell", "Trochilus" ], "source_id": "Secureworks", "reports": null } ], "ts_created_at": 1775434075, "ts_updated_at": 1775792146, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/19d5741bdcc2ab48eab45e280a54e85a9f913cec.pdf", "text": "https://archive.orkl.eu/19d5741bdcc2ab48eab45e280a54e85a9f913cec.txt", "img": "https://archive.orkl.eu/19d5741bdcc2ab48eab45e280a54e85a9f913cec.jpg" } }