Advisories

Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact.

Subscribe to our updates above to be notified as soon as we publish an advisory.

Advisories

10 Apr 2017

TLP Rating: White

Global campaign targeting multi-national IT service providers

CERT NZ is aware of ongoing targeted attacks against multi-national IT service providers by a group known as APT10.

PwC and BAE Systems have co-authored a comprehensive report on the incident, which is known as Operation Cloud Hopper. It explains the threat in detail, and provides a list of indicators of compromise (IOCs).

PwC report on Operation Cloud Hopper External Link

BAE blog post on APT10 - Operation Cloud Hopper External Link

There is no evidence at this stage to suggest the general public or small to medium enterprises are being targeted.

What to do

Mitigation

The National Cyber Security Centre (NCSC) is the key point of contact for queries about this threat in New Zealand. NCSC is providing advice on threat protection and response to key government and private sector organisations. Their recommendations to organisations include:

carrying out an investigation to check networks for any of the indicators included in the PwC and BAE systems reports
auditing administrative access into the organisation’s networks (especially via third parties) and carrying out the recommendations in cyber security advisory CSA-006-17.

NCSC Cyber Security Advisory CSA-006-17 External Link

As best practice, CERT NZ also recommends all organisations protect themselves online by implementing the Australian Signals Directorate’s strategies to mitigate cyber security incidents.

Strategies to Mitigate Cyber Security Incidents External Link

More information

If you identify any activity that appears to be malicious, or would like to discuss this further, call the NCSC incident line on 04 498 7654.