70 percent of Govt servers recovered: PM Kalsakau

Vanuatu Cyber Security (Photo: ITU)

Vanuatu Prime Minister Ishmael Kalsakau confirmed Wednesday afternoon that 70 percent of the Government servers have been recovered.

Partial access to government systems have been restored and that includes; government financial services, Customs and Inland Revenue, Immigration and Passports, the Vanuatu Police Force, Emergency Lines for ambulance, police and fire services, government VoIP, Civil Registry, government emails, government internet connection services; File sharing and the Ministry of Health’s procurement system (Msupply).

He said for the IT experts to resolve this issue within three weeks was an achievement.

On 6 November 2022, the Office of the Government Chief Information Officer (OGCIO) and CERTVU team detected suspicious activities within the Vanuatu Government Broadband Network (GBN).

These activities grew into a targeted cyber attack that compromised the GBN and further led to the unavailability of all government online services including government email services, government network file sharing, VoIP, government financial systems, and other critical services offered by departments and ministries.

Kalsakau assured that works are ongoing to strengthen the networks.

“In this recovery work, we are building back our government networks better and safer. We are bringing systems online in a secure and contained environment with strengthened safeguards to ensure there is no risk of re-infection,” said PM Kalsakau.

Experts and partners have been working hard to find the vulnerabilities in the system that allowed the cyber criminals access. Based on the forensic findings so far, they have identified two possible points of compromise, and these include; unsecured government websites managed by third parties and unpatched workstations on the GBN with known security weaknesses.

Kalsakau further admitted that it is still early to identify the culprits of the cyber attack.

“Data analysis of the hackers shows persistent traffic from Europe, Asia, and the United States of America. But these indications could be misleading. The hackers are almost certainly using Virtual Private Networks and servicers to hide their location,” he said.

According to the PM, the experts cannot confirm at this stage whether the culprits were organised cybercriminals, or in some way, state-sponsored, adding also that it is still early to determine the damage caused by the cyberattack.

PM Kalsakau thanked the OGICIO /CERTVU and their partners for their commitment and determination to restore the government systems back to their normal operations. He specifically mentioned Australia, acknowledging their swift response to assist Vanuatu tackle this issue.