Palau, an archipelago of about 350 small islands in the Pacific Ocean, has become increasingly important to the United States as China seeks to establish influence in the Indo-Pacific region. This year, Washington finalized a long-delayed plan to provide Palau with hundreds of millions of dollars in aid over 20 years.
Just hours before diplomats gathered at the U.S. Embassy in Palau to celebrate the signing of the agreement, the island nation was hit by a massive cyberattack. More than 20,000 government documents were stolen.
A few weeks later, in April, the documents appeared on the dark web. Among them was a description of a U.S. radar installation in Palau, marked “For official use only.” There was a list of crew members of Japanese naval vessels that had visited Palau. There were also hundreds of documents detailing Palau’s close relationship with Taiwan.
The leader of Palau, one of the few countries in the world that recognizes Taiwan as an independent democracy, said the hack was orchestrated by China, which claims Taiwan as its territory, to send a message. Beijing has induced other countries, such as Nauru, another Pacific nation, to cut ties with Taipei.
China has denied the allegation, and experts say Palau has not provided any evidence linking it to Beijing. A ransomware group called DragonForce has claimed responsibility, saying it carried out the hacking purely for financial gain. The group has threatened to cause more harm to Palau.
Regardless of the motivation, the intrusion is a danger to the U.S. Experts say hackers could use the information gleaned from it to plan more sophisticated phishing attacks. Whether or not DragonForce acted alone, the incident is another reminder of the threat of hackers-for-hire.
Officials in Palau, which hosts U.S. military facilities and occupies a key waterway for defending Taiwan in a conflict, said the attack was politically motivated and involved China.
“Everything points in this direction,” Palau President Soulanger Whipps II said in an interview. “It's regrettable that China would do something like this,” he said, adding that Palau's relationship with Taiwan is “stronger than ever.”
“It is extremely irresponsible for Palau to jump to conclusions without effective evidence and to make groundless accusations and smears against China,” China's Foreign Ministry said in a statement.
Palau, about 550 miles east of the Philippines, was administered by the United States for decades after World War II. Palau became independent in 1994 but maintains close ties with Washington through an agreement called “free association.” The agreement gives Palauans the right to work, live and study in the United States, and the United States funds the local government and allows military access to the archipelago of about 20,000 people. Palau's closest neighbors, Micronesia and the Marshall Islands, have similar ties to the United States.
Palau will receive about $900 million in aid from the United States over 20 years. But months of delays in ratifying the deal have raised concerns that China could gain an advantage in the region.
Taiwan also provides economic assistance to Palau, and some of the leaked documents show how Taiwan helps fund Palau's attendance at international forums such as the United Nations and climate summits, meetings from which Taiwan is excluded due to Beijing's objections.
Although most countries consider Taiwan a sovereign state, few officially recognize it. The United States describes its relationship with Taiwan as “Strong informal relationship“When asked to comment on the intrusion in Palau, a Pentagon spokesperson referred questions to U.S. Cyber Command, which declined to comment.
The leaked documents could also pose a threat to other countries. They include diplomatic communications with countries including Japan, Israel and the United States since the mid-2000s. The identities of senior Japanese military officers, some American soldiers and a Saudi Arabian diplomatic delegation were also posted online.
“If we’re not careful, it could affect Japan and Taipei,” said Hideyuki Shiozawa, a former Japanese diplomat and Pacific affairs expert at the Sasakawa Peace Foundation in Tokyo, referring to the cybersecurity situation in Pacific islands.
A Palau official said the hack was politically motivated because DragonForce did not try to negotiate a ransom. In addition, Jay Anson, chief information security officer for Palau's Ministry of Finance, said that by using the ransomware group, Beijing reduced the risk of a diplomatic incident with Washington.
“We think they must have been paid to profit from this,” said Anson, whose department the documents were stolen from. “This is about politics, not money.”
Experts said Palau may have been targeted by China, but it is unusual for cyberattacks to be subcontracted to ransomware groups.
Jon DiMaggio, a former U.S. intelligence community analyst and now chief security strategist at cybersecurity firm Analyst1, said he had seen the documents and that those related to Taiwan could be of interest to China. He said Palau officials had not shared details with experts to support the allegations. But he added that one reason state actors would use a group like DragonForce rather than covert espionage is to publicly humiliate a target.
“If they hired a ransomware group as a contractor, they definitely had a motive because they knew it would attract attention,” he said. “It’s possible — if that’s what they were trying to say.”
Allan Liska, an analyst at cybersecurity firm Recorded Future, also said Palau needed to share more details to convince him and others of the ransomware explanation, but he agreed that the motive was possible. “If your goal is publicity, then the hacking and leaking nature of ransomware lends itself very well to publicity,” he added.
Whipps also accused Beijing of interfering in Palau's internal affairs, an allegation China's Foreign Ministry did not mention in its statement. He said that while he was a presidential candidate, he received a call from China's ambassador to Micronesia, who urged him to sever ties with Taiwan if elected.
“He called me and said, 'You're a businessman. Do you understand the potential of China? If you need a million tourists, we can give you a million tourists. We can build every hotel you need. It's basic economics. We have 1.5 billion people and Taiwan has 22 million,' ” Whipps recalled.
Then, Whipps said, the ambassador accused Palau of engaging in illegal activities. Whipps asked him what activities, and he said the Chinese official responded, “You recognize Taiwan.”
Wang Xiaoling and David Pearson Reports from Hong Kong, and Julian Barnes From Washington.