Analysis: Cyber Attack on Tonga Health System Traced as Australia and New Zealand Deepen Digital Security Partnership
By Political Desk
Nukuʻalofa — A ransomware attack that disrupted systems at Tonga’s Ministry of Health last year has now been formally attributed to an affiliate of a major international cybercrime group, in a joint move by Australia, New Zealandand Tonga.
After months of investigation, authorities from the three countries say the June 2025 attack was carried out by Roman Khubov, an affiliate of the ransomware group known as INC Ransom, which has been linked to cyber attacks across Australia and New Zealand.
The group is accused of targeting organisations in ways that threaten essential services and livelihoods.
The findings have been released through a joint cyber security advisory that will also be distributed across the Pacific region to help organisations strengthen their defences against similar attacks.
Health Systems Targeted
The cyber attack targeted Tonga’s Ministry of Health, highlighting the growing vulnerability of critical government services to ransomware operations.
Health systems are frequent targets for cyber criminals because they store sensitive personal data and rely heavily on digital infrastructure.
Authorities say the attack involved malicious digital infrastructure used to steal data from the ministry’s systems.
Investigators say the infrastructure used during the attack was controlled by Khubov, according to the joint advisory issued by the three governments.
Regional Cyber Response
Officials say Tonga worked closely with Australia to respond to the attack under the Cyber Rapid Assistance for Pacific Incidents and Disasters (RAPID) program.
The initiative allowed cyber specialists to help contain the attack and restore affected systems so healthcare services could continue operating.
The advisory released this week also provides guidance for organisations on how to better protect sensitive data and computer networks from ransomware groups.
Media organisations across the region have been encouraged to help circulate the information to strengthen cyber awareness.
First Joint Advisory with a Pacific Nation
Australian officials say the advisory marks the first time Australia has co-issued a technical cyber advisory with a Pacific partner.
The move reflects the growing cyber security partnership between Tonga and Australia, including cooperation under the Australia–Tonga Memorandum of Understanding on Cyber Cooperation, signed during the visit of Tonga’s King to Australia last year.
Officials say the partnership is aimed at improving cyber resilience and strengthening the region’s ability to deter malicious cyber actors.
Digital Security and Strategic Influence
Cyber security is becoming an increasingly important issue for Pacific island countries as governments expand digital services and internet connectivity.
Countries that help Pacific nations build and secure their internet networks and cloud systems also influence how the region’s digital systems are designed and protected.
As Pacific states expand digital infrastructure, partnerships aimed at improving cyber security are becoming an important part of broader regional cooperation.
A Growing Security Challenge
Ransomware attacks can disrupt hospitals, government services and financial systems, making them a serious concern for national security.
The joint advisory highlights the growing cooperation between Pacific states and their partners to respond to cyber threats and protect critical infrastructure.
Authorities say continued collaboration will be essential as cyber attacks become more sophisticated and more frequent across the region.
