New Zealand calls in spy agency amid cyber attacks on bourse
Security crisis plans are activated after stock exchange is disrupted after repeat attacks
Wellington — New Zealand called in its spy agency and activated security crisis plans to help defend the stock exchange from overseas attack, after hackers disrupted the market for a fourth straight day.
“We as a government are treating this very seriously,” finance minister Grant Robertson said on Friday, adding agencies would co-ordinate to deal with the threat. “There are limits to what I can say today about the action the government is taking behind the scenes due to significant security considerations.”
The NZ$204bn stock market has been the target of distributed-denial-of-service attacks that have overwhelmed its website and forced trading halts since Tuesday. The national security plan is triggered in response to a crisis that threatens New Zealand’s interests or international reputation.
Authorities have not commented on the suspected source of the attacks, which flood a network with internet traffic and disrupt services, other than saying they originate from offshore. Security intelligence company Akamai warned earlier this week that extortionists claiming to be the Russian-linked hacking group Fancy Bear have recently been sending ransom letters to companies in finance, travel and e-commerce in the Asia Pacific, US and UK demanding payments to stop attacks.
New Zealand stock exchange operator NZX is among the companies targeted, the ZDNet website reported, citing an unidentified source in the DDoS mitigation field.
The exchange failed to open at 10am on Friday despite assurances from NZX that it would. Trading finally began three hours later. The market lost an hour of trading on Tuesday, three on Wednesday and almost six hours on Thursday from the repeat attacks. NZX has declined to comment on whether any demands have been made.
The disruptions, which come as the benchmark S&P/NZX-50 index nears a record high, are frustrating investors who were unable to trade amid a busy company earnings season.
The outages are “hugely disruptive for everyone,” said Michael Midgley, CEO of the New Zealand Shareholders’ Association. “Our main concern, aside from any attempted incursion, is that it is potentially damaging to information flows. In the Covid world the audience is keenly watching to see how reported data relates to forecasts.”
In November, government cyber security agency CERT NZ said it had received reports of extortion e-mails targeting companies within the financial sector in New Zealand. It said the e-mails claimed to be from a Russian group called “Fancy Bear/Cozy Bear” and demanded a ransom to avoid denial-of-service attacks. CERT declined to comment on the NZX incidents.
Fancy Bear is another name for the Russian hacking group APT28, which has been linked to attacks against the US Democratic Party, the White House and Nato. Security experts have also linked it to attacks on European government institutions and private companies and say its primary mission is to gather intelligence in support of the Russian government.
The group sending ransom e-mails is highly unlikely to be the real Fancy Bear, but is using its name to gain notoriety, according to Yihao Lim, a cyber threat intelligence analyst at Mandiant Threat Intelligence in Singapore.
“It’s plausible that they are cyber gangs calling themselves Fancy Bear involved in this incident,” he said.
The Financial Markets Authority, which regulates NZX, on Thursday said it was monitoring the incident. It did not immediately respond to requests for further comment on Friday. Spark New Zealand, which is NZX’s internet service provider, also did not immediately reply to e-mailed questions.
When asked on Friday if it had received ransom e-mails threatening attacks, Australia’s ASX said that as a matter of policy it does not “comment on specific cyber-related matters.”
“We have a range of security protections in place and work closely with government and relevant agencies to maintain the integrity of our services. ASX markets are operating normally,” it said.
Would you like to comment on this article or view other readers' comments?
Register (it’s quick and free) or sign in now.
Please read our Comment Policy before commenting.