The Samoan government has publicly accused a Chinese government-backed hacking group of launching a series of sophisticated cyberattacks against government agencies and critical infrastructure systems in the Pacific region. For years, some Pacific nations have been plagued by cyberattacks from state-sponsored and criminal groups, but this is the first time a Pacific island nation has issued a public warning attributing cyber espionage to an organization linked to the Chinese government.
A document released by Samoa's National Computer Emergency Response Team stated that the hacking group APT40 poses a "significant threat" to the region. The document noted that recent activity indicates targeted attacks against networks in the "Blue Pacific" region. Although the warning, being a technical advisory report rather than a political statement, does not directly mention or criticize the Chinese government, its importance cannot be ignored.
The warning defines APT40 as a "state-sponsored cyber organization" and links to warnings issued last year by Australia, the United States, the United Kingdom, South Korea, Japan, Germany, and Canada. The warning states that APT40 conducts "malicious cyber operations" for the Chinese Ministry of State Security. The advisory also provides technical advice on how APT40 operates, stating that the malware it uses can maintain "command and control" over networks.
Blake Johnson, an analyst at the Australian Strategic Policy Institute (ASPI), said that APT40 typically "penetrates networks and hides within them for quite some time," attempting to transmit valuable intelligence back to the Chinese government. Johnson added that by remaining hidden, APT40 can regularly monitor activity, collect data, and explore networks, attempting to identify higher-value targets, such as high-level government accounts that may contain sensitive government or personal information, which could be exploited by China.
The New Zealand government also recently accused APT40 of being behind the cyberattack on the country's parliamentary system last year. The Australian Broadcasting Corporation (ABC) also revealed that Australian officials assessed that an organization linked to China was responsible for the large-scale cyberattack suffered by the Pacific Islands Forum (PIF) last year, although the PIF Secretariat has not publicly attributed the attack. The President of Palau has also accused Beijing of targeting his government with cyberattacks, although his government has not issued a formal warning. China has strongly denied involvement in any cyberattacks, including those related to APT40.
Brendan Dowling, Australia's Ambassador for Cyber Affairs and Critical Technology, called Samoa's warning "important," saying it shows that "this kind of awareness and mitigation advice is crucial for the Pacific region." He added: "We are proud of our close cyber partnership with Samoa, and we will continue to stand with all of our Pacific family, working together to strengthen their cyber security to defend against malicious actors." Johnson said Samoa's public accusation is "a very encouraging step forward for cyber resilience in the Pacific" and may encourage other Pacific nations to step forward and make similar accusations.
Johnson concluded: "It is regionally significant that a Pacific Island CERT (Computer Emergency Response Team) has the confidence and capability to work with partners and outline the threat, and it should open the door for more candid and fearless conversations between leaders in this space." He emphasized: "It is important that Pacific Island nations understand that, regardless of their diplomatic relationship with China, they are not immune from threats."