Commentary – Tonga must maintain a firm stance of vigilance in light of the recent cyber-attacks on Samoa, which have been attributed to the China-backed APT40 hacking group.
The incident in Samoa follows the ransomware attack experienced by Tonga Communications Corporation (TCC), the state-owned telecommunications provider, in the year 2023.
At the time, TCC reportedly said:
“Ransomware attack has been confirmed to encrypt and lock access to part of TCC’s system. This does not affect voice and internet service delivery to the customers, however, it may slow down the process of connecting new customers, delivering of bills and managing customers’ enquiries.”
TCC controls all fixed telephone lines and has a 70 per cent market share of dial-up and broadband internet.
It managed about half of the mobile phone services through its UCall service.
The Medusa ransomware group took credit for the attack on TCC, according to Cybersecurity expert Dominic Alvieri.
Sources claimed Medusa is known for attacking healthcare, manufacturing, and education sectors. They have also targeted the government and finance sectors.
Pacific Islands Forum attack
The Pacific Islands Forum Fiji’s-based offices were victims of a cyber security attack last year.
China had been blamed for the damage.
However, Media outlet Global Times reported China’s Foreign Ministry spokesperson Mao Ning as saying at the time the claim that it was involved in a cyber attack on the Forum is “politically motivated disinformation”.
Samoa Cyber Attack
An ABC report this afternoon said Samoa’s government has blamed the Chinese state-backed hacking group for a series of sophisticated cyber attacks,
It said the group has been conducting “malicious cyber operations against government and key critical infrastructure system” across the Pacific.
Australian Strategic Policy Institute analyst Blake Johnson said that APT40 typically “infiltrates networks and stays hidden for potentially quite some time” as it tries to siphon valuable intelligence back to the Chinese government.
Australia and key intelligence partners previously accused the Chinese group of conducting a wide-scale cyber espionage operation in the continent.
Australian experts say APT 40 has targeted regional government and private sector networks by infiltrating devices.
“By staying hidden it can regularly monitor activity, collect data and explore through the network to try to identify higher-value targets, like potentially senior government accounts that may contain sensitive government or personal information that could be used to China’s advantage,” he told the ABC.
The ABC said the Samoan report marks the first time a Pacific island nation has issued a public advisory which attributes cyber espionage to a Chinese government-linked group.
The ABC approached the Chinese Embassy in Samoa for comment but hasn’t yet received a response.
Tonga vulnerability
A 2016 research project undertaken in Tonga showed that the kingdom’s computer systems are susceptible and can be easily exploited by cybercriminals.
Dr Siuta Laulaupea’alu raised concerns in the project about how organizations and government departments in Tonga, as well as the general public, can effectively prepare for the anticipated rise in cybercrime and cyberattacks in the Pacific region.
Laulaupea’alu recommended that the government of Tonga start implementing measures to address the security weaknesses in their systems.
“Failure to act quickly on these vulnerabilities will lead to a higher number and greater depth of cybersecurity attacks.”
