Papua New Guinea’s Finance Ministry suffered a crippling cyberattack, halting payments and exposing security gaps. Cyber experts warned PNG’s limited IT resources could prolong recovery. The attack raises concerns over data exposure, and the broader cyber threats facing Pacific nations.
Papua New Guinea’s Department of Finance fell victim to a crippling cyber-attack, disrupting the country’s Integrated Financial Management System (IFMS)—a key network overseeing government budgeting, accounting, and the management of hundreds of millions in foreign aid funds. The attack halted government payments, preventing cheque processing and causing severe operational delays across multiple agencies. PNG Finance Minister John Pundari confirmed the incident, stating that no ransom was paid and that recovery efforts were underway, but the breach exposed critical weaknesses in the nation's cyber security framework.
The cyber-attack on PNG underscores a growing pattern of targeted operations against US-Australia allies, where smaller Pacific nations serve as both vital partners and potential pressure points in the broader geopolitical chess game. While major players, led by the US and Canada, with Australia as a strategic partner in the Pacific, have fortified their cyber defenses, PNG and its regional counterparts remain vulnerable due to limited resources and aging infrastructure.
This raises a pointed question: when cybercriminals operate with the precision and persistence of statecraft, where does crime end and strategy begin? Analysts warn that these incursions may not be mere opportunistic exploits but deliberate maneuvers designed to erode regional stability, testing the resilience of alliances and the economic security they underpin. If the Pacific is the new battleground for digital influence, the intersection of cybercrime and state-backed disruption is a potent—and dangerous—mix.
Robert Potter, a cybersecurity expert who helped establish Papua New Guinea’s National Cyber Security Centre, highlighted the difficulties that arise when external assistance is required in the aftermath of such breaches.
"It's always a sensitive time when external partners come in to help … there's always a huge concern on the Papua New Guinea side about what other embarrassing things might be seen or released as a result of these sorts of attacks," Potter said.
While authorities are working to restore systems, the recovery process is expected to be slow.
"They don't have the same budgets for IT that Western countries like Australia have, and so when they get attacked, the impacts are usually greater, and the damage usually lasts for longer," he added.
Beyond the immediate disruption, the breach could have longer-term consequences for Papua New Guinea’s economy and its attractiveness to investors. Mihai Sora, director of the Pacific Islands Program at the Lowy Institute, warned that cyber-attacks like this could further undermine business confidence.
"It can be difficult for the private sector to operationalise their potential interest in PNG and these sorts of attacks, that's just another reason to hesitate for them," Sora said.
Sora's repost on 'X' pointed to growing cyber security threats in the Pacific, noting Samoa’s recent attribution of cyber activity to a Chinese state-backed group:
Very interesting. Samoa has publicly attributed malicious cyber activity to a Chinese state-backed group of hackers, APT40. Several countries have done this before, but I *think* this is the first time a Pacific nation has publicly attributed cyber attacks to a PRC backed entity https://t.co/mtwbmGV3pG
— Stephen Dziedzic (@stephendziedzic) February 11, 2025
The rising intensity of these cyber incidents mirrors attacks seen across allied countries. The United States recently suffered from a Clop ransomware attack that compromised sensitive Department of Energy data, while Canada’s federal networks and financial institutions have also been repeatedly targeted in coordinated cyber intrusions.
Australia, too, has faced relentless cyber threats, including the HWL Ebsworth breach, which exposed classified data from 65 government agencies, and the MediSecure hack, which compromised the health records of 12.9 million Australians. The increasing frequency and scale of these attacks reflect a shifting geopolitical reality—cyberwarfare is now an active front in global strategic competition.
Medibank CEO David Koczkar said
— Medibank (@medibank) October 24, 2022
“I unreservedly apologise to our customers who have been the victims of this serious crime.
Australia’s ongoing response to cyber threats took a major turn this week, with the federal government sanctioning a Russian entity and five individuals over their involvement in the 2022 Medibank cyber-attack. The Medibank breach saw 9.7 million customer records stolen and leaked on the dark web, marking one of the largest cyber-attacks in Australian history. The fallout continues to impact both government and private-sector cyber security policies, as Canberra pushes for tougher international cybercrime accountability.
The impact of the 2022 Medibank Private cyber attack was significant and far reaching. Millions of Australians had their most sensitive personal data taken from them and exposed on the dark web. pic.twitter.com/4wuofq1H8q
— National Cyber Security Coordinator (@AUCyberSecCoord) January 23, 2024
The Medibank incident underscored the vulnerabilities in Australia’s critical infrastructure, leading to a national overhaul of cyber defenses. The latest attack on PNG’s finance ministry highlights a deeper issue: regional cyber security disparities. While Australia and the US have the capacity to respond with high-level resources, smaller nations across the Pacific, Southeast Asia, and beyond remain dangerously exposed to large-scale cyber-attacks. This imbalance creates easy targets for threat actors seeking to exploit weak government networks while applying pressure on strategic alliances.
With cyber security now a key pillar of modern geopolitics, the US, Australia, and their allies must work to fortify regional cyber defenses, ensuring that Pacific nations are not left behind. As state-sponsored cyber threats become more aggressive, coordinated responses—including intelligence sharing, stronger defense investments, and international cyber deterrence measures—will be crucial to preventing further destabilization in the region.
Australia is facing a double threat to its financial security: cyberattacks on major superannuation funds and the fallout from Trump’s “Liberation Day” tariff declaration. Both have exposed deep vulnerabilities in retirement savings, leaving Australia’s future wealth increasingly at risk.
Major cyber alliances are buckling. Australia’s super funds are under digital siege, the US slashes cyber defenses, and Five Eyes unity is faltering. As threats mount from China and Russia, the West’s fractured response risks emboldening adversaries and weakening global cyber resilience.
Elon Musk’s X AI platform has been hit by a massive cyber-attack, leaving users in the U.S. and UK unable to refresh feeds or access accounts. Musk confirmed the attack’s severity, pointing to IP traces from “the Ukraine area,” though experts caution that origin masking is possible.
Late last week, an extraordinary announcement signaled a dramatic shift in U.S. cybersecurity policy: the Trump administration deprioritized Russia as a leading cyber threat. Experts fear downplaying Moscow’s aggression could expose American networks to new risks and undermine national security.
