{
	"id": "6b8d8106-6b6a-459e-bc31-6153e997fe80",
	"created_at": "2026-04-06T00:09:50.685243Z",
	"updated_at": "2026-04-10T03:33:40.903298Z",
	"deleted_at": null,
	"sha1_hash": "7f52a600d13bfe3b35edee3ea5867fd23bbb58c2",
	"title": "Parliamentary network breached by the PRC",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 30373,
	"plain_text": "Parliamentary network breached by the PRC\r\nPublished: 2024-03-26 · Archived: 2026-04-05 17:59:06 UTC\r\n26 March 2024\r\nNew Zealand stands with the United Kingdom in its condemnation of People’s Republic of China (PRC) state-backed malicious cyber activity impacting its Electoral Commission and targeting Members of the UK Parliament.\r\n“The use of cyber-enabled espionage operations to interfere with democratic institutions and processes anywhere\r\nis unacceptable,” Minister Responsible for the Government Communications Security Bureau (GCSB) Judith\r\nCollins says.\r\nThe GCSB has also established links between a state-sponsored actor linked to PRC and malicious cyber activity\r\ntargeting Parliamentary entities in New Zealand.\r\n“The GCSB’s National Cyber Security Centre (NCSC) completed a robust technical assessment following a\r\ncompromise of the Parliamentary Counsel Office and the Parliamentary Service in 2021, and has attributed this\r\nactivity to a PRC state-sponsored group known as APT40,” Ms Collins says.\r\n“Fortunately, in this instance, the NCSC worked with the impacted organisations to contain the activity and\r\nremove the actor shortly after they were able to access the network.\r\n“We commend the impacted organisations for acting decisively to mitigate the impact, and for the measures they\r\nhave taken since the incident to harden their cyber defences and strengthen the resilience of their networks.\r\n“These networks contain important information that enables the effective operation of the New Zealand\r\ngovernment. It is critical that we protect this information from all malicious cyber threats.”\r\nMany of New Zealand’s international partners today shared their experiences with malicious cyber activity\r\nimpacting global democratic processes and institutions.\r\n“This collective response from the international community serves as a timely reminder to all organisations and\r\nindividuals to have strong cyber security measures in place,” Ms Collins says.\r\nSource: https://www.beehive.govt.nz/release/parliamentary-network-breached-prc\r\nhttps://www.beehive.govt.nz/release/parliamentary-network-breached-prc\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.beehive.govt.nz/release/parliamentary-network-breached-prc"
	],
	"report_names": [
		"parliamentary-network-breached-prc"
	],
	"threat_actors": [
		{
			"id": "16f2436b-5f84-44e3-a306-f1f9e92f7bea",
			"created_at": "2023-01-06T13:46:38.745572Z",
			"updated_at": "2026-04-10T02:00:03.086207Z",
			"deleted_at": null,
			"main_name": "APT40",
			"aliases": [
				"ATK29",
				"Red Ladon",
				"MUDCARP",
				"ISLANDDREAMS",
				"TEMP.Periscope",
				"KRYPTONITE PANDA",
				"G0065",
				"TA423",
				"ITG09",
				"Gingham Typhoon",
				"TEMP.Jumper",
				"BRONZE MOHAWK",
				"GADOLINIUM"
			],
			"source_name": "MISPGALAXY:APT40",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "83025f5e-302e-46b0-baf6-650a4d313dfc",
			"created_at": "2024-05-01T02:03:07.971863Z",
			"updated_at": "2026-04-10T02:00:03.743131Z",
			"deleted_at": null,
			"main_name": "BRONZE MOHAWK",
			"aliases": [
				"APT40 ",
				"GADOLINIUM ",
				"Gingham Typhoon ",
				"Kryptonite Panda ",
				"Leviathan ",
				"Nanhaishu ",
				"Pickleworm ",
				"Red Ladon ",
				"TA423 ",
				"Temp.Jumper ",
				"Temp.Periscope "
			],
			"source_name": "Secureworks:BRONZE MOHAWK",
			"tools": [
				"AIRBREAK",
				"BlackCoffee",
				"China Chopper",
				"Cobalt Strike",
				"DadJoke",
				"Donut",
				"FUSIONBLAZE",
				"GreenCrash",
				"Meterpreter",
				"Nanhaishu",
				"Orz",
				"SeDll"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "59be3740-c8c7-47aa-84c8-e80d0cb7ea3a",
			"created_at": "2022-10-25T15:50:23.481057Z",
			"updated_at": "2026-04-10T02:00:05.306469Z",
			"deleted_at": null,
			"main_name": "Leviathan",
			"aliases": [
				"MUDCARP",
				"Kryptonite Panda",
				"Gadolinium",
				"BRONZE MOHAWK",
				"TEMP.Jumper",
				"APT40",
				"TEMP.Periscope",
				"Gingham Typhoon"
			],
			"source_name": "MITRE:Leviathan",
			"tools": [
				"Windows Credential Editor",
				"BITSAdmin",
				"HOMEFRY",
				"Derusbi",
				"at",
				"BLACKCOFFEE",
				"BADFLICK",
				"gh0st RAT",
				"PowerSploit",
				"MURKYTOP",
				"NanHaiShu",
				"Orz",
				"Cobalt Strike",
				"China Chopper"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434190,
	"ts_updated_at": 1775792020,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7f52a600d13bfe3b35edee3ea5867fd23bbb58c2.pdf",
		"text": "https://archive.orkl.eu/7f52a600d13bfe3b35edee3ea5867fd23bbb58c2.txt",
		"img": "https://archive.orkl.eu/7f52a600d13bfe3b35edee3ea5867fd23bbb58c2.jpg"
	}
}