The Reserve Bank of New Zealand Breached via Third-Party Hosting Service

The Reserve Bank of New Zealand has become the latest financial institution targeted by malicious actors.

According to a statement released January 10, cybercriminals breached the bank’s network through one of its third-party hosting companies. According to the Central Bank of New Zealand, the culprits may have even accessed sensitive and commercial information in the process.

“We are working closely with domestic and international cyber security experts and other relevant authorities as part of our investigation and response to this malicious attack,” Bank Gov. Adrian Orr said. “The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information.”

Following standard cyberattack procedures and pending further investigation, the bank states that it has secured and switched off its systems until it can fully assess the attack’s ramifications.

“The system has been secured and taken offline until we have completed our initial investigations,” Orr added. “It will take time to understand the full implications of this breach, and we are working with system users whose information may have been accessed. Our core functions remain sound and operational.”

Bank officials gave no additional information on the breach. It remains unclear if the security incident is part of a vast ransomware campaign targeting financial institutions. With no criminal claiming responsibility for the attack or listing ransom demands, we can only speculate on the incident’s scope and effects.

The head of the Computer Science department at Auckland University, Dave Parry, recently said a nation-state likely orchestrated the attack. “Ultimately, if you were coming from a sort of like criminal perspective, the government agencies aren’t going to pay your ransom or whatever, so you’d be more interested probably coming in from a government-to-government level,” he noted.