Compromised devices part of China-linked ‘botnet’ found in NZ

China has repeatedly denied being involved in malicious cyber activity.

Compromised devices that were part of a “botnet” controlled by a Chinese company have been found in New Zealand, leading our spy agency to join international partners in calling out “malicious cyber agencies”.

Intelligence agencies from the Five Eyes nations today released a notice saying cyber actors linked to China “have compromised thousands of internet-connected devices”, including small office or home routers and firewalls.

This was done to create a “botnet”, which is a network of compromised devices that can be controlled for malicious purposes. This could include malware delivery or distributed denial of service (DDoS) attacks, where networks are flooded with traffic to take them offline.

The notice says a China-based company with links to the Chinese Government has controlled the botnet since mid-2021 and, as of June this year, it consisted of more than 260,000 devices.

The GCSB’s National Cyber Security Centre (NCSC) confirmed compromised devices have been observed in New Zealand.

“The NCSC and partners are releasing this advisory to highlight the threat posed by these actors and their botnet activity and to encourage exposed device vendors, owners, and operators to update and secure their devices from being compromised and joining the botnet,” said acting Deputy Director-General Cyber Security, Michael Jagusch.

Jagusch said cybersecurity companies could use technical information in the advisory to assist with identifying malicious activity.

“Our NCSC works extensively with New Zealand organisations, the cyber security industry and international partners to identify and mitigate cyber threats facing New Zealand organisations and individuals.

“It deploys a range of cyber security capabilities including Malware Free Networks and the Phishing Disruption Service to share cyber threat intelligence to help protect New Zealander from a range of threats.”

China has repeatedly denied being involved in malicious cyber activity.

In March, spy agencies in New Zealand said a Chinese state-sponsored actor targeted Parliament’s network. Chinese Ambassador Wang Xiaolong said it was a “groundless and irresponsible” accusation.

Earlier this month, the Chinese Embassy denied ever interfering in New Zealand. That came after New Zealand Security Intelligence Service said China carried out foreign interference activities here.

Jamie Ensor is a political reporter in the NZ Herald Press Gallery team based at Parliament. He was previously a TV reporter and digital producer in the Newshub Press Gallery office.