18 Apr 2018

GCSB points to Russian cyber attacks on NZ

From Nine To Noon, 9:09 am on 18 April 2018

The head of the electronic spy agency, the GCSB, says it has received the alert from the US identifying a malicious cyber threat campaign targeting network infrastructure devices.


The US, Britain and Australia have claimed hackers backed by the Russian government have infected computer routers around the world. 

In a statement, the GCSB said it had passed the information on to its National Cyber Security Centre, and published a link to the US advisory.

Government Communications Security Bureau (GCSB) director Andrew Hampton said the agency had been alerted by the US to the malicious cyber threat campaign targeting network infrastructure.

In the agency's annual report in November, Mr Hampton said 396 serious incidents affecting New Zealand were reported last year, with indications 122 had connections to foreign intelligence agencies, including Russian state and state-sponsored actors.

Mr Hampton told Nine to Noon this latest report from two of New Zealand's Five Eyes partners has identified "known compromises in particular sorts of equipment".

The GCSB had made the report available to New Zealand organisations so they could be aware of the potential threat, he said, and so they could contact the agency if they became aware of any vulnerabilities.

Mr Hampton said that, from reading the report, it appeared to him to be an actor "seeking to establish itself on someone's system for the purpose of exfiltrating data".


He said it looked like someone attempting to establish themselves on one system to move "laterally across that system into other systems" for the purpose of espionage.

"The extent of this compromise is potentially very wide even though the implications of it may not be realised, fully realised, yet."

"It's a technical report which has identified known compromises in particular sorts of equipment which have been used worldwide. They have attributed this compromise to Russian state actors."

He said the New Zealand government hasn't come to a "formal view" on the attribution of Russia in the report.

He said the attack appeared to be for the purposes of espionage rather than disruption.

"It's been known for quite some time that foreign actors are very active in cyber space."

"Of 400-odd serious events we responded to in the 2016-17 year, about a third of those had indicators of foreign intelligence agencies."

In past months there have been heightened global tensions after the nerve agent attack on a former Russian spy and his daughter in the UK, and retaliatory missile strikes following claims the Syrian government used chemical weapons on civilians.

This latest cyber threat could be part of that "context", said Mr Hampton, and the report was notable, but not unique, as it was a joint document from two Five Eyes partners.

Mr Hampton said he added New Zealand's voice to the international condemnation of the NotPetya cyber-attack which international partners attributed to the Russian government.  

"It targeted Ukraine, but had a global impact - including affecting supply chains in New Zealand."

He said companies could protect themselves, with security patches or fixes.

"Organisations who keep their security patches up to date are likely to be OK, but the risk is you may have organisations that haven't updated their systems that are vulnerable ... once an adversary gets lodged on a system, it's sometimes pretty hard to get rid of them."

Mr Hampton said while New Zealand had no reason to doubt the credibility of the report from the US and the UK naming Russia, it is an individual process for each country.

"We're in receipt of a credible report from our partners that we felt it really important to get out to New Zealanders but the government has not gone through a formal process of attributing that to Russia."

New Zealand organisations were subject to both direct and indirect threats, said Mr Hampton.

"I encourage system operators in New Zealand to follow the advice in the US CERT advisory and take the recommended actions to strengthen their security."

"Motivation for these incidents includes espionage and revenue generation.

"Attributing cyber incidents to particular countries is something that is carefully considered and is a step not taken lightly", he said.

Attacks in New Zealand generally fit into three categories, said Mr Hampton:

The first are direct attacks on New Zealand organisations seeking to obtain critical information such as information property or state secrets.

The second is when New Zealand gets caught up in global events, where this country is not a direct target, like the WannaCry ransomware attack and the NotPetya attack by Russia that focussed on the Ukraine.

The third type of attack is where actors seek to establish themselves on a system of a third party so they can "obscure" themselves when they launch an attack against others, he said.

"So essentially New Zealand's infrastructure being used to launch attacks elsewhere and unfortunately that's something we're seeing more and more of."