It is very concerning that the government’s cyber infrastructure has been attacked. According to Samoa's National Computer Emergency Response Team, a group called APT40 is responsible.

At the same time, it is good to know the government’s cybersecurity experts have ward off these attacks. In the digital age, information is gold. The government faces unprecedented cybersecurity challenges as it often protects sensitive information and critical infrastructure from cyber threats, making cybersecurity crucial to maintaining public trust and national security.

APT40 operates under other names as well and has been described as an advanced persistent threat. APT40 has targeted governmental organisations, companies, and universities in a wide range of industries, including biomedical, robotics, and maritime research, across the United States, Canada, Europe, the Middle East, and the South China Sea area, as well as industries included in China's Belt and Road Initiative.

On 19 July 2021, the US Department of Justice (DOJ) unsealed an indictment against four APT40 cyber actors for their illicit computer network exploitation activities via front company Hainan Xiandun Technology Development Company.

In March 2024, the New Zealand Government and its signals intelligence agency Government Communications Security Bureau accused the Chinese government via APT40 of breaching its parliamentary network in 2021. In July 2024, eight nations released a joint advisory on APT40.

SamCERT’s advisory is the latest one that has followed. The advisory doesn't directly mention or criticise the Chinese government and is a technical advisory rather than a political statement.

While fingers have been pointed at China, the Embassy of the People’s Republic of China refuted the reports. The embassy told the Samoa Observer that it was shocked to see someone spreading disinformation and hyping up so-called “Chinese cyberattacks threat”, which it strongly deplored.

The impact of a successful attack could be detrimental to the nation. In 2022, Vanuatu's government had been knocked offline for more than 11 days after a suspected cyber-attack on servers in the country. In December, the RansomHouse hacking group claimed responsibility for the attack and said that it exfiltrated 3.2 terabytes of data.

The hack disabled the websites of Vanuatu’s parliament, police and prime minister's office. It took down the email system, intranet and online databases of schools, hospitals and other emergency services as well as all government services and departments.

The shutdown left the nation's population scrambling to carry out basic tasks like paying taxes, invoicing bills and getting licences and travel visas. Essentially anyone with a gov.vu email or domain was affected.

State-sponsored cyber-attackers are emerging as one of the preeminent threats targeting not just individuals, but foreign organisations and governments. From espionage with the intent to steal trade secrets to influencing elections worldwide, to military/national defence impacts – state-sponsored cyber-attacks are wide-reaching and increasing. There is no doubt that information is becoming one of the hottest commodities that attackers can get their hands on – with our digital world being more connected than ever, a breach in one corner of the globe can send tidal waves across the world.

This is also a warning for businesses and private organisations on the need for robust cyber security protection. While it is resounding that SamCERT is ready to protect us against the attack, much is needed from the government information technology departments.

Government websites are outdated and some are not updated with the latest information. Searches for documents and information often return with nothing. Information sharing through a common database needs to be worked on. For example, stop orders issued by the court do not get automatically updated in the immigration software and court decisions to revoke driver's licences do not show up in any system. Police cars do not carry equipment where they can run checks on-site.

Cyber attacks are real and we have to be better prepared. Hopefully, in the coming days, SamCERT will disclose what exactly was targeted and how it would have impacted people.