The Australian government sent expert teams to Fiji this year to help the Pacific’s top regional body after its networks were infiltrated by Chinese state-backed hackers, the ABC has learned.
The cyber attack on the Pacific Islands Forum (PIF) Secretariat, which is based in Suva, was first detected in February this year, although the hackers likely gained access well before that.
It comes as China continues to press its interests in the Pacific, and as competition between China and the West throughout the region continues to intensify.
Beijing has also been building up policing ties in the region, holding its third annual meeting with Pacific police representatives in Fuzhou Wednesday.
The ABC has been told that the PIF cyber breach detected in February was “extensive” and that the group behind the hack was intent on gathering information about the Secretariat and its operations.
The hackers also wanted to gather information on the Secretariat’s communications with PIF member nations.
The Australian government sent one of its roving teams of cyber specialists — which draw on both government and private sector expertise — to Fiji, to help the Secretariat deal with the problem.
Over time those teams have helped PIF expel the hackers and remediate its computer networks.
The ABC has also been told that analysis by the Australian Cyber Security Centre found that the attack was the work of a group of hackers backed by the Chinese government.
Australia has publicly attributed multiple cyber-attacks to Chinese state-backed groups before, including to hackers linked to China’s Ministry of State Security (MSS).
Earlier this year, New Zealand’s government also attributed a cyber attack on its parliament to groups linked to the MSS.
A Pacific island government source told the ABC that PIF had quietly alerted its member states to the cyber breach, including at the leaders meeting in Tonga.
But the Secretariat has not publicly disclosed the attack, or attributed it to China.
The Pacific Islands Forum infiltration comes in the wake of multiple cyber attacks in the Pacific, with Australia deploying its roving teams of cyber experts at least half a dozen times to the region this year, although many of these missions have not been publicly advertised.
Vanuatu, Tonga and Papua New Guinea have all been hit with major publicly-acknowledged ransomware attacks conducted by criminal groups in recent years, while earlier this year Palau — which maintains diplomatic ties with Taiwan — accused Beijing of orchestrating a massive cyber attack on its computer networks.
Mihai Sora from the Lowy Institute said Pacific island governments were “rapidly undergoing digital transformations” but the “accompanying cybersecurity measures are lagging”.
“It’s like the Wild West out there,” he said.
“These gaps are both expensive and require highly specialised technical knowledge to fill [them].
“It is absolutely vital that partner countries like Australia continue to provide emergency cyber incident response, as they have done through the multiple deployments of RAPID teams this year alone.
“The Australian, U.S and other like-minded governments, in partnership with the business community, need to come together and massively lift their game to protect regional systems and the communities they serve.”
Dr Graeme Smith from The Australian National University said the hack of PIF fitted with a “pattern” where “the roots of cyber attacks are planted well in advance”.
He said China had also demonstrated that it was willing to activate cyber attacks “at a time that will cause maximum embarrassment”.
“In the case of Palau this year, its Ministry of Finance was hit by a ransomware just as Palau renewed its 20-year Compact of Free Association with the U.S in March,” he said.
“Then its Customs and Border was hit in July just before an Australian team arrived in Palau to provide advice on cybersecurity.”
In a statement, the Chinese embassy denied that China was behind the hack, saying it was “a made-up story and has no basis at all”.
“We firmly oppose the practice of politicising cybersecurity issues, accusing other countries without evidence, and wantonly associating cyber attacks with the government of any country,” the embassy said.
“China is a major victim of cyber attacks. We have been resolute in combating all kinds of malign cyber activities in accordance with the law, and never encourage, support or condone cyber attacks.”
The embassy also told the ABC it “should respect facts and abide by the media professional standards such as objectivity, impartiality and professionalism, should not make a presumption of China’s guilt without verifying the facts, and refrain from spreading disinformation that misleads public opinion and smears China”.
The ABC has approached the PIF Secretariat and the Australian government for comment, but neither have yet responded.