New Zealand warns of digital collateral damage from Russia-Ukraine crisis

New Zealand’s top cybersecurity agency on Friday warned the country’s “nationally significant” organizations to prepare for cybersecurity risks that might result from the ongoing conflict between Ukraine and Russia.

The National Cyber Security Centre (NCSC) posted a publicly-available security advisory on its website that compared the emerging threat to NotPetya in 2017 and the SolarWinds compromise in 2020—both being examples of attacks that spiraled out of control, impacting a wide range of organizations that had no relationship to the originally-targeted entities.

“Alongside heightened tensions, there is an increased potential for cyber attacks. These may have serious impact, even for countries and organisations not directly targeted,” the alert reads. 

Last April, New Zealand joined a chorus of international governments in condemning Russian state actors for compromising the SolarWinds Orion platform, which was used to target organizations including the cybersecurity firm FireEye, the U.S. Treasury Department, and the U.S. Department of Homeland Security. In that incident, a hacking unit known as APT29 or Cozy Bear associated with Russia’s Foreign Intelligence Service inserted malware into the company’s IT monitoring application, allowing operatives to gain a foothold inside customers who downloaded and installed an update to the application.

"This compromise deployed malware indiscriminately around the world and has caused widespread disruption as many thousands of organisations had to apply security patches and check systems," said Andrew Little, New Zealand’s Minister for the Government Communications Security Bureau.

Similarly, New Zealand blamed Russia for the NotPetya wiper attack in 2017, which was believed to originally target Ukrainian organizations but spread to companies around the world and caused billions of dollars in damage. “While NotPetya masqueraded as a criminal ransomware campaign, its real purpose was to damage and disrupt systems… We support the actions of our cyber security partners in calling out this sort of reckless and malicious cyber activity,” said Andrew Hampton, Director-General of the Government Communications Security Bureau.

New Zealand is a member of the intelligence alliance known as the “Five Eyes,” which also consists of the U.S., U.K., Australia, and Canada. The group often coordinates public disclosures about cyberthreats and other national security risks.

In its Friday alert, New Zealand’s NCSC recommended organizations to follow guidance previously put out by the U.S.’s Cybersecurity and Infrastructure Security Agency and the Canadian Centre for Cyber Security. The documents list common tactics and techniques used by Russia-linked hacking groups, as well as ways to mitigate and detect possible intrusions.