Nukuʻalofa – A months‑long tri‑nation cyber probe has pinpointed Roman Khubov as the hacker behind the crippling ransomware attack on Tonga’s Ministry of Health in June 2025.
The Australian authority said this afternoon that the investigation confirmed Khubov’s group controlled the malicious infrastructure used to penetrate the Ministry’s systems and steal sensitive data.
INC Ransom—an international cybercriminal group—has been linked to multiple high‑profile attacks across Australia and New Zealand in recent years, disrupting essential services and putting public safety and livelihoods at risk.
Authorities say the same group attempted similar attacks on critical systems across the Pacific region.
Rapid Assistance After the Attack
Following the breach, Tonga and Australia activated the Cyber Rapid Assistance for Pacific Incidents and Disasters (RAPID) program to contain the attack, restore Ministry of Health systems and resume healthcare services as quickly as possible.
Officials say the RAPID program played a critical role in minimising the disruption to health services for the Tongan public.
The joint advisory includes practical recommendations for organisations across the region to help defend against INC Ransom and similar threat actors.
These include strengthening network monitoring, improving data backup systems, and implementing multi‑factor authentication.
Authorities emphasised the important role that Pacific media organisations can play in distributing the advisory to ensure communities and organisations are better prepared for potential attacks.
A Milestone in Cyber Cooperation
Today’s announcement marks the first time Australia has co‑signed a technical cyber advisory with a Pacific nation, highlighting the growing depth of cyber cooperation between Tonga and Australia under the Australia–Tonga Memorandum of Understanding on Cyber Cooperation, signed during His Majesty King Tupou VI’s visit to Australia last year.
Officials from all three countries described the joint statement as a strong signal that their governments are united in deterring malicious cyber activity targeting national interests and in upholding peace and security across the Pacific.
“We stand together in sending a clear message,” the advisory states, “that our Governments will deter and respond to malicious cyber actors threatening our national interests, and promote peace and security in the Pacific.”
