New Zealand

OceaniaAustralia and New ZealandCritical Risk

Composite Index

72

Risk Indicators
72Critical

Active clusters

273

Related intel

8

Key Facts

Capital

Wellington

Population

5.1M

Related Intelligence

82security

Five Eyes and the U.S. warn: China’s recruitment and cyber pressure is going after the fuel grid

On June 3, 2026, multiple U.S.-linked and allied outlets reported a coordinated intelligence and cyber threat picture centered on China. The U.S. CISA, alongside the FBI, NSA, and the Department of Energy, warned that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across critical infrastructure sectors. In parallel, a rare joint bulletin from the Five Eyes intelligence partnership warned that Chinese-linked actors are using fake profiles and job offers to recruit and compromise military officers, spies, and personnel with access to classified or sensitive information. Separately, Politico reported that Five Eyes agencies specifically flagged LinkedIn-style recruitment attempts as a pathway to compromise government and military personnel. Taken together, the reporting suggests a dual-track campaign: cyber intrusion into operational energy monitoring and human targeting to expand intelligence access. Strategically, the cluster fits the broader U.S.-China security tension narrative in which Beijing seeks asymmetric advantages without overt kinetic escalation. The Five Eyes warnings indicate that intelligence services view recruitment and compromise operations as directly enabling tactical advantage over the U.S. and its allies, not merely espionage in the abstract. The mention of Chinese-made circuit boards hidden beneath AI chips in the U.S. adds an industrial-security layer, implying that supply-chain components could be leveraged for surveillance, tampering, or influence over next-generation systems. Meanwhile, analysis of Taiwan as the “pivot” and commentary on seabed infrastructure protection underscore that the contested theater is expanding beyond air and land to undersea and critical infrastructure domains. The likely beneficiaries are Chinese intelligence and cyber operators seeking persistence and access, while the losers are U.S. and allied defenders facing higher operational risk, greater incident response costs, and potential disruptions to energy logistics. Market and economic implications concentrate on energy infrastructure resilience, industrial cybersecurity spending, and the risk premium embedded in critical-infrastructure operators. ATG systems are tied to fuel and liquid storage monitoring, so successful attacks could translate into operational uncertainty, delayed replenishment decisions, and higher insurance and compliance costs for tank farms and logistics operators. The cyber theme also supports a near-term bid for defensive cybersecurity vendors and managed security services, while pressuring risk appetite for firms with exposed OT/IoT assets. If supply-chain concerns around Chinese circuit boards under AI chips intensify, it can reinforce demand for trusted electronics, testing, and secure hardware supply chains, potentially affecting semiconductor equipment and industrial electronics segments. Even without quantified price moves in the articles, the direction is clear: higher perceived tail risk for energy storage operators and higher near-term spending expectations for cyber hardening across critical sectors. What to watch next is whether U.S. agencies issue follow-on technical indicators, mandated mitigations, or sector-specific directives for ATG deployments and related tank monitoring networks. Executives should monitor for evidence of exploitation attempts against internet-exposed ATG endpoints, including anomalous authentication patterns, firmware changes, and unusual telemetry gaps that could indicate manipulation of gauge readings. For the human-recruitment track, watch for public advisories on social-platform targeting, internal reporting rates from cleared personnel, and any policy changes to vet job offers and external contacts more aggressively. On the industrial-security side, track procurement guidance and enforcement actions tied to Chinese-origin components in advanced computing and AI supply chains. The escalation trigger would be confirmed operational disruption at fuel storage sites or credible attribution of compromise chains reaching sensitive military or intelligence roles; de-escalation would look like successful containment, patch adoption, and a reduction in observed recruitment and intrusion activity over subsequent weeks.

View analysis
78security

China fires a submarine-launched ICBM test in the Pacific—New Zealand warned, Taiwan squeezed

China confirmed it conducted an intercontinental ballistic missile test launched from a nuclear submarine in the Pacific, and said it notified relevant neighbors in advance. Multiple outlets reported the missile carried a dummy warhead, with the launch framed as not directed against any specific country. New Zealand’s government stated it was informed hours beforehand, indicating a deliberate signaling effort rather than a surprise escalation. The tests were reported alongside broader PLA posture moves, including expanded maritime activities and coast guard patrols tied to Taiwan jurisdiction claims. Strategically, the cluster points to a coordinated pressure campaign across domains: nuclear signaling through high-end ICBM-capable submarine launches, and “salami-slicing” maritime enforcement around Taiwan using non-naval coast guard assets. Beijing’s approach appears designed to normalize its legal narrative while testing response thresholds of regional governments and partners. Taiwan is the immediate operational focal point, but the notification to New Zealand and references to the United States in reporting underscore that Washington and allied capitals are part of the audience. The political backdrop—Xi Jinping consolidating leadership and suppressing opposition—suggests continuity and willingness to sustain coercive external posture. Market and economic implications are indirect but potentially material for defense and risk-sensitive sectors. Higher perceived escalation risk in the Taiwan and South Pacific theaters typically lifts demand expectations for missile defense, ISR, naval sustainment, and maritime domain awareness, supporting defense procurement cycles and related contractors. For trading, the most immediate channel is risk premia: shipping and insurance costs in the Western Pacific can rise on patrol intensification, while regional energy and logistics planning may face volatility if maritime friction increases. Currency and rates impacts are likely secondary, but a sustained escalation narrative can strengthen safe-haven flows and pressure risk assets tied to Asia-Pacific trade routes. What to watch next is whether China repeats similar submarine-launched tests, expands coast guard patrol patterns east of Taiwan, or escalates “lawfare” actions that force third parties to choose sides. Key indicators include additional official notifications of launch windows, changes in PLA/China Coast Guard vessel composition and operating areas, and any visible adjustments in Taiwan’s maritime monitoring and air-defense readiness. For markets and policymakers, the trigger point is a mismatch between Beijing’s stated “not directed” framing and any observed targeting cues, interception events, or incidents involving civilian shipping. Over the next days to weeks, escalation or de-escalation will hinge on whether regional governments publicly calibrate their responses and whether maritime patrols remain within previously signaled corridors.

View analysis
78security

Five Eyes sounds the alarm: AI “frontier” models could supercharge offensive cyber—are defenses ready?

Intelligence officials from the Five Eyes alliance warned on June 23, 2026 that frontier AI models are fundamentally transforming offensive cyber capabilities. Multiple outlets report that the alliance is urging urgent action to address threats emerging from the latest AI model releases and their rapid performance gains. The core message is that advanced models are expected to exceed current industry expectations and enable more effective, faster, and more scalable cyber operations. While the articles do not name specific targets, they frame the risk as systemic and time-sensitive rather than a one-off vulnerability. Strategically, the warning highlights a widening asymmetry between state-aligned cyber operators and defenders who must patch, detect, and attribute under accelerating automation. Five Eyes—widely viewed as a high-trust intelligence-sharing architecture—signals that the threat is not confined to any single country’s tools or tactics, but to the underlying capability shift driven by frontier AI. This benefits actors seeking deniability and speed, because AI-assisted recon, exploit development, and social engineering can compress timelines from weeks to hours. It also pressures governments to coordinate policy responses across borders, since AI-enabled intrusions can route through third countries and exploit fragmented regulatory regimes. Market and economic implications are likely to concentrate in cyber risk pricing, insurance underwriting, and the budgets of critical-infrastructure security. Even without named incidents, the direction of impact is toward higher demand for detection, incident response, and managed security services, alongside increased scrutiny of AI deployment in sensitive sectors. Publicly traded cyber-defense and identity-security firms could see sentiment support, while offensive tooling ecosystems may face tighter compliance and export-control attention. In FX and rates, the immediate effect is indirect, but persistent cyber risk can raise risk premia for technology supply chains and for firms with large cloud footprints, potentially feeding into broader cost-of-capital concerns. The most immediate “instrument” signal is likely to be volatility in cyber-related equities and credit spreads for companies with weaker security postures. What to watch next is whether Five Eyes and partner governments translate the warning into concrete measures: guidance for industry, accelerated vulnerability disclosure expectations, and possible regulatory or procurement changes for critical infrastructure. Key indicators include new advisories tied to AI-enabled phishing, automated exploitation, or model-assisted malware development, as well as any coordinated takedown or disruption operations. Another trigger point is whether major AI labs implement security controls that are specifically designed to reduce misuse, such as tighter access, monitoring, and red-teaming requirements. Escalation would be signaled by a visible increase in high-severity intrusions attributed to AI-assisted tradecraft, while de-escalation would come from demonstrable mitigation steps and measurable reductions in successful compromise rates over subsequent quarters.

View analysis
78security

Five Eyes Warn: Frontier AI Cyberattacks Are ‘Months Away’—Markets Must Reprice Risk

A joint statement from the Five Eyes intelligence alliance—covering the United States, Canada, the United Kingdom, Australia, and New Zealand—warns that frontier AI models with the capability to cause major disruption in cyberspace are “months away” from becoming publicly available. The agencies frame the timeline as near enough to matter for near-term defensive planning, not a distant research horizon. The statement also signals that the alliance expects advanced capabilities to be operationalized faster than many organizations are currently assuming. While the statement does not name specific targets, it explicitly ties the coming wave to cyber “havoc,” implying both scale and speed of threat generation. Strategically, this is a classic intelligence-to-market warning: it compresses the window for adaptation and implicitly raises the probability of opportunistic exploitation by both state-linked and criminal actors. Five Eyes’ collective posture suggests a coordinated threat assessment rather than a single-country alarm, which increases the likelihood that allied governments will align procurement, incident response, and regulatory pressure. The mention of major AI developers such as Anthropic and OpenAI underscores that the risk is not confined to obscure tools; it is tied to mainstream frontier model ecosystems. The likely beneficiaries are defenders who can accelerate hardening and monitoring, while the losers are organizations that rely on slower, human-only security workflows and governance processes. For markets, the immediate implication is a repricing of cybersecurity risk premia across software, cloud, and critical-infrastructure exposure. Investors typically respond to credible intelligence timelines by rotating toward vendors with strong detection, identity, and incident-response capabilities, and by increasing demand for cyber insurance and managed security services. The most sensitive instruments are those tied to enterprise IT spending and security budgets, including cybersecurity equities and ETFs, as well as bond and credit risk for firms with weaker security postures. While the articles themselves do not provide price levels, the direction is clear: higher expected breach frequency and faster attacker iteration should lift implied volatility for cyber-exposed names and increase hedging demand. Next, the key watch items are whether governments translate the “months away” warning into concrete measures—such as procurement requirements, reporting mandates, or model-access controls—and whether major model providers publish mitigation roadmaps that can be audited. Market signals to monitor include accelerated enterprise security spending guidance, cyber-insurance premium changes, and any regulatory actions referencing AI-enabled threats. On the operational side, defenders should track improvements in automated red-teaming, provenance checks for synthetic content, and the deployment of AI-resistant detection pipelines. Escalation would look like a rapid uptick in high-severity incidents attributed to AI-assisted tooling, while de-escalation would be indicated by evidence that public releases are delayed or constrained and that mitigations measurably reduce exploitability.

View analysis
78security

Iran’s Gulf leverage talk collides with uranium “fortress” moves—how far will Tehran push?

Iran’s leadership appears to be recalibrating its risk calculus in the Gulf, with commentary suggesting that periodic attacks on American forces are now viewed as a source of leverage rather than an unacceptable danger. The framing, reported on June 13, 2026, implies a deliberate strategy: sustain pressure while keeping escalation within controllable bounds. In parallel, an Iranian ambassador used a high-visibility public setting—the World Cup fan expo in Mexico City—to argue that Iran and the United States “can be very good friends,” signaling a simultaneous track of messaging and diplomacy. Taken together, the cluster points to a dual approach: coercive pressure at sea alongside confidence-building rhetoric abroad. Strategically, this combination matters because it tests the boundaries of deterrence and signaling between Washington and Tehran. If Iranian actors believe Gulf incidents can be “useful” leverage, they may be incentivized to maintain operational tempo while probing U.S. red lines. The ambassador’s conciliatory language does not negate the coercion narrative; instead, it can be read as an attempt to keep diplomatic space open even as pressure tactics continue. Meanwhile, reports that Tehran is fortifying a cache of near bomb-grade enriched uranium raise the stakes by shifting the center of gravity from maritime brinkmanship to nuclear hedging. Market and economic implications are most likely to flow through energy risk premia, defense and maritime insurance pricing, and nuclear-policy expectations that can move risk assets. Even without explicit figures in the articles, heightened Gulf tension typically lifts shipping and security costs and can pressure crude-linked benchmarks through perceived supply disruption risk. On the nuclear side, “near bomb grade” enrichment and stockpile fortification can intensify sanctions and compliance fears, which often translate into volatility for regional energy exporters, logistics firms, and defense contractors. For investors, the key transmission mechanism is not only headline risk but also the probability of future policy tightening that can affect FX and rates expectations for countries exposed to Iran-related trade and enforcement. What to watch next is whether the rhetoric of “friendship” is matched by concrete diplomatic steps, such as renewed backchannel talks, confidence measures, or restraint in Gulf incidents. The nuclear trigger points are clearer: any confirmation of further enrichment progress, changes in stockpile size, or technical indicators that suggest accelerated weapon-relevant capability. In the near term, monitoring U.S. force posture statements and any operational changes around American forces in the Gulf will indicate whether Washington interprets the leverage strategy as manageable or escalatory. A practical escalation/de-escalation timeline hinges on whether uranium “fortress” reporting is followed by verifiable inspections, negotiated limits, or instead by continued stockpile hardening and enrichment expansion.

View analysis
78security

Is the Strait of Hormuz reopening—or is a US-Iran showdown about to escalate?

On June 22, 2026, a cluster of diplomacy and security signals converged around the US–Iran confrontation and the Strait of Hormuz. New Zealand’s Foreign Minister Winston Peters, in a phone call with his Israeli counterpart, expressed alarm over violence by “occupiers” and settlement expansion in the occupied West Bank, while framing Lebanon de-escalation as an “important chance.” In parallel, Germany’s Defense Minister Boris Pistorius blamed US President Donald Trump for pushing the “cork” into the Strait of Hormuz crisis and urged getting it “out again,” signaling European concern about escalation risk. Meanwhile, Iran’s Foreign Minister claimed Trump had lifted a Hormuz blockade and waived oil export curbs, even as Trump warned Tehran he would “take over your country” if the strait were closed, prompting Iran to walk out of a talks venue after the threat. Strategically, the articles depict a high-stakes bargaining environment where deterrence language, alleged operational changes, and third-party mediation are all moving at once. China urged the US and Iran to work in the “same direction” for positive results and backed Pakistan and Qatar’s mediation role to permanently end the US war with Iran, suggesting Beijing is trying to stabilize a critical chokepoint without conceding leverage. The US appears to be using maximum-pressure rhetoric while simultaneously testing whether technical talks can produce de-escalation outcomes, and Iran is signaling both readiness to negotiate and sensitivity to coercive threats. Germany’s public criticism of Washington indicates that European governments are increasingly willing to challenge US framing, which could complicate coalition cohesion if the crisis returns. In the background, Lebanon and the Israeli-Palestinian file remain linked to regional de-escalation prospects, raising the risk that any failure in one theater spills into others. Market implications center on Gulf oil flows, shipping insurance, and LNG infrastructure risk. Kuwait’s offer for customers to pick up refined petroleum from ports deep inside the Persian Gulf, alongside reports of increased traffic through Hormuz, points to a near-term normalization attempt that could reduce risk premia in tanker markets if confirmed. If Iran’s claim that export curbs were waived is accurate, it would support incremental crude and product supply expectations, likely easing pressure on benchmark spreads tied to Middle East supply risk; however, the simultaneous explosion reported at the restart of an LNG facility in Qatar adds a countervailing shock to gas-linked logistics and contractor confidence. The combination of chokepoint reopening signals and infrastructure disruption risk implies a volatile pricing regime for crude, refined products, and LNG-related freight, with traders likely to price both “de-escalation optionality” and “attack/accident probability.” What to watch next is whether the alleged Hormuz blockade lift becomes verifiable through shipping data, insurance pricing, and actual vessel transits rather than statements. Key triggers include any further US–Iran threats, confirmation of technical-level progress on a peace deal, and whether Iran continues to participate after the walkout episode. On the mediation front, monitor Pakistan and Qatar’s next steps and China’s follow-through, as well as whether European officials maintain pressure on Washington’s crisis-management approach. For energy markets, the immediate indicators are tanker AIS traffic through Hormuz, changes in refinery and product pickup volumes from Kuwait’s ports, and follow-up reporting on the Qatar LNG restart incident. Escalation would likely re-accelerate if the strait is again threatened with closure or if additional coercive rhetoric surfaces; de-escalation would be reinforced by sustained transit increases and the absence of new operational disruptions over the coming days.

View analysis
78security

Five Eyes sounds the alarm: China-linked phishing and fake job ads hunt for secrets across Europe

On June 4, 2026, multiple outlets reported a coordinated intelligence and cyber warning tied to China-linked activity, centered on social-engineering schemes that use fake job advertisements to reach people with access to sensitive information. The Globe and Mail and Times of India both describe Five Eyes—Australia, Canada, New Zealand, the U.K., and the U.S.—issuing an “unprecedented” alert that Chinese intelligence operatives are targeting personnel connected to the alliance through professional job platforms. Separately, The Hacker News reported that the China-linked cybercrime group TA4922 has expanded phishing targeting to the U.K., Germany, Italy, and South Africa, pairing a “rapid operational tempo” with a continually evolving malware arsenal. Italian reporting added a domestic angle for the U.K., noting that British intelligence services are warning about Chinese agents recruiting via LinkedIn and similar channels. Strategically, the common thread is access acquisition rather than direct disruption: the campaigns aim to identify, compromise, or coerce individuals who can later provide classified or sensitive information. This fits a broader pattern of intelligence competition in which cybercrime infrastructure and tradecraft are used as a low-cost entry point into government and defense ecosystems, while plausible deniability is maintained through criminal-front tooling. The beneficiaries are China-linked operators seeking human and technical access, while the losers are Five Eyes governments and European partners that must spend more on counterintelligence, user training, and incident response. The power dynamic is asymmetric: attackers can scale recruitment and phishing quickly across multiple countries, but defenders must coordinate across agencies and jurisdictions to contain the downstream compromise. Market and economic implications are indirect but real, especially for cybersecurity and insurance pricing, and for the cost of compliance in affected European markets. If TA4922 activity is expanding across the U.K., Germany, and Italy, firms in managed security services, endpoint protection, and identity verification are likely to see demand pull-forward, while cyber insurance underwriters may tighten terms for phishing and social-engineering-related claims. In financial markets, the most immediate “symbolic” impact would be on risk sentiment for cyber-exposed sectors rather than on broad indices, with potential upward pressure on volatility in companies tied to incident response, threat intelligence, and security tooling. Currency effects are not indicated in the articles, but the operational tempo described suggests near-term budget reallocation toward security operations centers and workforce screening. The next watch items are concrete: whether Five Eyes and national services publish additional indicators of compromise, and whether platform operators (job boards and LinkedIn-like services) accelerate takedowns and verification controls. Trigger points include evidence of malware delivery succeeding at scale, reports of credential theft leading to lateral movement, and any confirmed linkage between job-ad lures and subsequent intrusion into government or defense networks. Over the coming days to weeks, defenders should monitor for spikes in spear-phishing with job-themed lures, unusual authentication patterns from targeted individuals, and rapid changes in TA4922 tooling signatures. Escalation would be signaled by attribution updates that connect these campaigns to specific compromised entities, while de-escalation would look like effective platform remediation and a measurable drop in successful lure-to-compromise conversion rates.

View analysis
78security

US-Philippines drills surge as China warns—while a carrier and Japanese warship test Taiwan Strait nerves

The news cluster shows a rapid escalation of maritime signaling around Taiwan and the Philippines. On April 20, 2026, Taipei said a Chinese aircraft carrier sailed through the Taiwan Strait, adding to a day already marked by heightened naval activity. Separately, China issued a “strong protest” after a Japanese destroyer passed through the Taiwan Strait while heading to military exercises in the Philippines, timed to the anniversary of the 1895 treaty that ceded Taiwan to Japan. In parallel, the United States and the Philippines deployed more than 17,000 soldiers for large-scale exercises that run until May 8, with Japan, Australia, New Zealand, France, and Canada also participating. Strategically, the pattern looks like coordinated deterrence and political messaging rather than isolated maneuvers. The Taiwan Strait transit by a Chinese carrier and the Japanese destroyer’s voyage both function as tests of reaction time, alliance cohesion, and narrative control, especially given the anniversary framing in the Japanese case. The US-Philippines exercise scale—17,000+ troops—signals Washington’s intent to deepen operational interoperability in the first island chain while reassuring partners that contingency planning is not theoretical. China’s “strong protest” and “hard warning” language suggests Beijing is trying to constrain allied freedom of navigation and to impose political costs on participants, while also signaling resolve ahead of the anticipated Xi–Trump summit referenced by geopolitical analysis. Market and economic implications are likely to concentrate in shipping risk, defense procurement expectations, and regional energy and insurance premia. Taiwan Strait and Western Pacific tensions typically raise freight and rerouting risk for container and bulk shipping, which can feed into higher near-term costs for electronics supply chains and industrial inputs; defense-related equities and contractors often see sentiment support when large multinational drills are announced. Currency effects are harder to pin to a single day, but risk-off moves can pressure regional FX and lift demand for safe havens, while higher geopolitical risk can widen credit spreads for shipping and logistics firms. If the drills and transits sustain through early May, investors may price a higher probability of disruption to maritime throughput and a longer period of elevated defense spending. What to watch next is whether China escalates from protests to operational friction, and whether allied forces adjust posture during the exercise window. Key indicators include additional PLA Navy/aircraft carrier transits through the strait, any reported close encounters with Japanese or US vessels, and the tempo of air and missile drills around Taiwan. On the allied side, monitor whether the Philippines and US expand the exercise scope beyond troop numbers into live-fire or integrated air-defense components, which would increase signaling intensity. Finally, the timeline matters: the drills run until May 8, and the referenced Xi–Trump summit could become a near-term de-escalation or escalation catalyst depending on whether both sides link maritime incidents to summit outcomes.

View analysis

Get full intelligence access

Unlock real-time alerts, AI-powered analysis, strategic briefings, and full risk coverage for New Zealand and 190+ countries.

Real-time Alerts AI Analysis Daily Briefings
Create free account