Samoa’s government has blamed a Chinese state-backed hacking group for a series of sophisticated cyber attacks, saying it has been conducting “malicious cyber operations against government and key critical infrastructure system” across the Pacific.
Several Pacific nations have been grappling with cyber attacks from state-backed and criminal groups for years, but this marks the first time a Pacific island nation has issued a public advisory which attributes cyber espionage to a Chinese government-linked group.
A document from Samoa’s National Computer Emergency Response Team calls the hacking group APT40 a “serious threat” to the region.
“Recent activity … suggests the existence of campaigns specifically targeting networks hosted in the Blue Pacific,” it adds.
The advisory doesn’t directly mention or criticise the Chinese government and is a technical advisory rather than a political statement.
But it calls APT40 “a state-sponsored cyber group” and links to an advisory that Australia, the US, the UK, South Korea, Japan, Germany and Canada issued last year which says APT40 conducts “malicious cyber operations for the PRC Ministry of State Security”.
The advisory also provides technical advice on how APT40 operates, saying it uses malware that allows it to maintain “command and control in the network”.
“These malwares are used together to avoid detection and enable the exfiltration of sensitive data from Blue Pacific networks,” it says.
A spokesperson for the Department of Foreign Affairs and Trade (DFAT) said Samoa’s advisory demonstrated that “malicious cyber activity is a global scourge including for the Pacific.”
“The Australian government is working closely with our Pacific family to bolster its cyber security in the face of malicious actors,” they said.
“Through the Cyber Rapid Assistance to Pacific Incidents and Disasters (RAPID) team, the Department of Foreign Affairs and Trade leads the Australian government’s response to cyber crises as they happen in the Pacific, only after Pacific governments request the assistance.”
Australian Strategic Policy Institute analyst Blake Johnson said that APT40 typically “infiltrates networks and stays hidden for potentially quite some time” as it tries to siphon valuable intelligence back to the Chinese government.
“By staying hidden it can regularly monitor activity, collect data and explore through the network to try to identify higher-value targets, like potentially senior government accounts that may contain sensitive government or personal information that could be used to China’s advantage,” he told the ABC.
New Zealand’s government has also pointed the finger at APT40 recently, saying it was behind a cyber attack on the country’s parliamentary systems last year.
The ABC also revealed that Australian officials had assessed that a Chinese-linked group was responsible for a large-scale cyber attack on the Pacific Islands Forum last year, although the PIF Secretariat has not publicly attributed that attack.
The president of the Pacific nation of Palau — which recognises Taiwan rather than the People’s Republic of China — has also accused Beijing of targeting his government online, although his government didn’t issue a formal advisory on it.
China has always furiously denied any attribution for cyber attacks, including those linked to APT40.
The ABC has approached the Chinese Embassy in Samoa for comment, but it hasn’t yet received a response.
‘Encouraging step forward for cyber resilience’
Australia has ramped up cyber assistance to the region, sending teams to multiple countries across the Pacific to help them deal with online attacks from both criminal groups and foreign governments.
Australia’s ambassador for cyber affairs and critical technology, Brendan Dowling, called Samoa’s advisory “important” and said it showed “how crucial this awareness and mitigation advice is for the Pacific region”.
“We are proud of our close cyber partnership with Samoa and we continue to stand and work with all of our Pacific family to strengthen their cybersecurity against malicious actors,” he said on social media.
Mr Johnson from ASPI said that Samoa’s public attribution was a “really encouraging step forward for cyber resilience in the Pacific” and might encourage other Pacific countries to come forward and make similar attributions.
“A Pacific island CERT [computer emergency response team] having the confidence and capability to work with partners and outline threats is important on a regional scale, and should open the gates to more frank and fearless conversations between leaders in this space,” he said.
“It’s important that Pacific island countries understand that they are not exempt from the threat regardless of their diplomatic relationship with China.”
This article was originally published by ABC Pacific and has been republished with permission.