Tag Archive for: cyber maturity

The Pacific needs greater cyber resilience as malicious actors break into networks

Samoa and Papua New Guinea’s recent experiences with cyber intrusions are the latest reminders of the urgent need for enhanced cybersecurity resilience in the Pacific. What’s needed is capacity building and coordinated response initiatives.

On 11 February Samoa’s Computer Emergency Response Team (SamCERT) issued an advisory warning about APT40, a Chinese state-backed hacking group operating in the region. Days later, reports emerged that Papua New Guinea had suffered an unattributed cyberattack on its tax office, the Internal Revenue Commission, in late January.

SamCERT’s advisory marks the first time a Pacific island country has formally attributed a cyberattack to a China-linked group. While the advisory does not directly name China, it identifies APT40 as the perpetrator behind the cyber intrusion and provides a link to the Australian Signals Directorate’s website that details APT40’s connection with the Ministry of State Security, China’s foreign intelligence agency.

The advisory also warns that the hacking group conducts ‘operations directed at sensitive networks administered by Pacific Island nations’. While this reflects a growing awareness of foreign cyber influence in the Pacific, it also shows the caution that smaller nations exercise when publicly attributing cyber threats to state actors.

APT40, classified as an advanced persistent threat, conducts cyber operations by infiltrating networks and maintaining access. By loitering, it can monitor activity, collect data and carry out more sophisticated attacks targeting high-value accounts, including those of government officials.

This group and this method of operation are not new. Australia, the United States and New Zealand have all previously attributed cyberattacks to APT40. In the Pacific, Palau is the only country that has openly accused China of targeting its digital infrastructure, but it didn’t issue a technical attribution. Samoa’s willingness to publicly acknowledge this threat is a step towards greater cyber transparency in the Pacific and encourages more open discussions among regional leaders and cybersecurity experts.

Beyond the immediate implications of cyber espionage, these incidents highlight the broader hybrid threats Pacific nations face. Malicious actors often exploit weaknesses in cyber hygiene, including through server exploitation, phishing campaigns and web compromises, to gain initial access to networks. The intersection of cyber operations, economic dependencies and diplomatic sensitivities creates a complex security environment for the Pacific. While raising awareness of cyber threats is crucial, strategic communication must be handled in a way that fosters regional cooperation and builds cyber resilience without unnecessarily escalating geopolitical tensions.

Australia has worked with Pacific nations to enhance their incident response capabilities, provide technical assistance and facilitate information sharing. It has supported initiatives such as the Pacific Cyber Security Operational Network and the Cyber Rapid Assistance to Pacific Incidents and Disasters team. Samoa’s ability to issue a public advisory is, in part, a testament to such capacity-building efforts.

In contrast, Papua New Guinea communicated poorly following a cyberattack on its Internal Revenue Commission that paralysed tax administration functions and potentially exposed sensitive financial data. The commission first characterised the 29 January attack as a ‘system outage’, reflecting deeper structural challenges in the region’s cyber resilience framework, such as infrastructure gaps and bureaucratic red tape.

While it’s ideal for organisations to be transparent about being victims of a cyberattack, this requires a level of cyber maturity. Doing so effectively requires technical capability and strategic communications preparedness to manage public awareness and response, which many institutions in the Pacific have not yet built.

Governments in the Pacific recognise the importance of cybersecurity. PNG launched its National Cyber Security Strategy in 2024, joining several other countries that have published or are drafting their own. But many still face limitations in resources, technical expertise and infrastructure.

Pacific nations and international partners need to prioritise strengthening national computer emergency response teams and fostering regional cooperation. Enhancing incident detection and response capability, as well as promoting intelligence sharing across borders, will help mitigate future cyber threats.

Arguably, Australia’s strategic investments in the region’s digital infrastructure, including high-capacity subsea cables, are important to digital transformation in the region. But transformation is outpacing cybersecurity preparedness, creating a widening gap that exposes critical institutions to cyber threats. Support must be matched with comprehensive and sustained cybersecurity capacity-building programs that raise Pacific nations’ agency—not just token efforts.

Although Australia has committed to building cyber capacity across the region, its support should extend beyond government networks to include businesses, critical infrastructure operators and civil society. Long-term resilience will come from increasing public awareness, developing a skilled cybersecurity workforce and integrating cyber resilience into national security strategies.

At the least, Australia needs to gather like-minded partners, such as Japan, France and India, to coordinate investment in Pacific cybersecurity, ensuring that the region is equipped with the necessary tools and expertise to counter the growing sophistication of cyber adversaries.

Cyber trends in 2017: the rise of the global cyberattack

What are the mega-trends across the cyber landscape in the Asia–Pacific?

The ASPI International Cyber Policy Centre’s new report, Cyber maturity in the Asia–Pacific region 2017, distils the major trends from a year’s worth of cyber events and looks at how countries in the region are measuring up to the challenges and opportunities posed by the internet and ever-more-connected IT infrastructure.

Although cyber maturity and cybersecurity generally improved over the past year, the threat landscape worsened. Cybercriminals are investing in more advanced and innovative scams, and nation-states are prepared to launch massively destructive attacks causing huge collateral damage.

The region (like other parts of the world) was affected by two state-sponsored malware attacks that were designed to cause serious damage. The WannaCry ransomware was notable for including EternalBlue (a highly advanced exploit that was reportedly developed by the US National Security Agency), which allowed it to spread rapidly in many Windows environments with poor software update practices. Both the NSA and Britain’s National Cyber Security Centre attributed the attack to North Korea. Despite its use of sophisticated technology, WannaCry was so poorly executed that it failed to collect significant ransom money. It also contained a readily identified kill switch, which was used to prevent the malware from spreading. Even so, WannaCry affected more than 200,000 computers in over 150 countries, and the victims included factories, universities, and parts of Britain’s National Health Service.

The NotPetya incident, attributed to Russia, involved a Ukrainian accounting software firm. Hackers breached the software update process and used it to distribute malware to the firm’s clients using the software. The malware then spread through internal networks and wiped victims’ machines. Although it targeted Ukrainian businesses, NotPetya caused huge collateral damage: German pharmaceutical company Merck reported US$310 million in direct costs and lost sales; US logistics company FedEx, US$300 million; and Danish shipping company Maersk, US$200 million. The Cadbury chocolate factory in Hobart was also shut down by NotPetya.

These events show that some states are actively and destructively using cyberweapons to gain advantage—either to raise money or to damage IT infrastructure.

The UN process that was attempting to negotiate limits on state behaviour in cyberspace broke down earlier this year without agreement. The way ahead isn’t clear. The US has talked of forming a coalition of like-minded countries that could engage in joint action, and Australia has committed to measures to respond to these threats in its International Cyber Engagement Strategy.

Several countries in the Asia–Pacific have started to talk more openly about military cyber capabilities. The US plans to elevate its military cyber unit, Cyber Command, to a unified combatant command to give it more independence and authority. Australia has established an Information Warfare Division and has declared that it has an offensive cyber capability that it’s prepared to use to disrupt and deter cyber criminals targeting Australia. Japan has also proposed greatly expanding its military cyber investment, albeit from a very small base.

Although militaries traditionally shroud their cyber capabilities in secrecy, more transparency and doctrine-sharing would be welcome. Increased openness, collaboration, and other confidence-building measures would help to set expectations of state behaviour, clarify how international law applies, and reduce the risk that cyber incidents will result in accidental escalation into armed conflict. Australia has led the way in this area; it is relatively transparent about its cyber offensive capabilities and has consistently emphasised that both international and domestic law apply in offensive cyber operations.

Cybercrime is also a huge issue in the region. With the rise of ‘crime as a service’, the technical sophistication needed to be a cybercriminal is lower than ever. The rewards are high and the chances of arrest are low. As countries in the region become better connected to the internet, rising levels of cybercrime threaten to undermine progress on economic development enabled by the internet. But government regulation and law enforcement make a difference. Tonga is a shining example—it became the first Pacific island to accede to the Budapest Convention on Cybercrime, a treaty that enables a cross-border approach to tackling cybercrime.

In a third worrying development, many countries use cybersecurity laws to impose or strengthen information control and censorship. Of the 25 countries covered in our report, just four—Australia, Japan, the Philippines and the United States—are classified as having a free internet.

Overall, cyber maturity improved across all countries in the region: governance, law enforcement and international engagement are stronger, and the internet is available to more people. But progress is uneven. The countries that lead in cyber maturity—the US, Australia, Japan, Singapore and South Korea—continue to pull away from less developed countries that struggle to invest in cybersecurity and telecommunications in the face of more pressing economic and human development concerns.

The spread of the internet provides huge development opportunities, but it also comes with its fair share of challenges. Australia and other developed countries in the region must directly address the challenges of dangerous state behaviour, the spread of cybercrime, and a constrained and censored internet, by promoting our vision of a free, open and secure internet that will benefit all economies in the region.