Olivia Wang and David Pierson contributed reporting from Hong Kong, and Julian Barnes from Washington.
Palau, a clump of about 350 small islands in the Pacific Ocean, has become increasingly important to the United States as China tries to build clout in the Indo-Pacific.
This year, Washington finalized a long-delayed plan to give Palau hundreds of millions of dollars in aid over two decades.
Hours before diplomats gathered at the US Embassy in Palau to toast the agreement, the island nation was hit by an enormous cyberattack. More than 20,000 documents were stolen from the government.
A few weeks later, in April, they appeared on the dark web. There was a presentation about a US radar installation on Palau marked, “For Official Use Only.”
There were crew lists of Japanese navy ships that had visited Palau. And there were hundreds of documents detailing the close relationship between Palau and Taiwan.
Palau is one of the few countries in the world that recognize Taiwan as an independent democracy. The leaders of Palau say the hack was orchestrated by China, which claims Taiwan as its territory, and was meant to send a message.
Beijing has enticed other countries, like Nauru, another Pacific nation, to sever ties with Taiwan.
China rejected the accusation, and experts say that Palau has not presented any evidence that implicates Beijing. A ransomware group known as DragonForce has claimed responsibility, saying it carried out the hack purely for financial gain.
The group has threatened to do more harm to Palau.
Whatever the motivation, the breach presents a danger to the United States. Hackers could use the information gleaned from it to tailor more sophisticated phishing attacks, experts said.
And regardless of whether DragonForce was acting alone, the episode is another reminder of the threat of mercenary hackers.
Officials in Palau, which hosts US military installations and occupies crucial shipping lanes that would be used to defend Taiwan in a conflict, say the attack was politically driven and that China was involved.
“Everything points in that direction,” President Surangel Whipps Jr. of Palau said in an interview. “It is unfortunate that China would do things like this,” he said, adding Palau’s relationship with Taiwan remained “stronger than ever.”
In a statement, China’s Foreign Ministry said, “It is extremely irresponsible for Palau to jump to conclusions and make unfounded accusations and smears against China without valid evidence.”
Lying about 550 miles east of the Philippines, Palau was administered by the United States in the decades after World War II. It became independent in 1994 but has maintained close ties with Washington through an agreement known as “free association.”
This gives Palauans the right to work, live and study in the United States, which funds the local government and gets military access to the archipelago of about 20,000 people. Its nearest neighbors, Micronesia and the Marshall Islands, have a similar relationship with the United States.
Palau is set to receive about $900 million in aid from the United States over two decades. But the monthslong delay in the approval of the agreement had raised fears that China could wrestle an advantage in the region.
Taiwan also gives financial aid to Palau, and some of the leaked documents showed how it had financed Palau’s presence at international forums such as the United Nations and the COP climate summits.
Taiwan is excluded from these gatherings because of objections from Beijing.
While most countries treat Taiwan as a sovereign state, very few officially recognize it as one. The United States has described its ties with Taiwan as a “robust unofficial relationship.”
When asked to comment on the breach in Palau, a Pentagon spokesperson referred questions to US Cyber Command, which declined to comment.
The leaked documents could also pose a risk for other countries. They include diplomatic communications with countries such as Japan, Israel and the US going back to the mid-2000s.
Identification details of the high-ranking Japanese military officials, some US troops and a Saudi Arabian diplomatic delegation were also posted online.
“It could affect Japan and Taipei, if they are not careful,” said Hideyuki Shiozawa, a former Japanese diplomat and a Pacific expert at the Sasakawa Peace Foundation in Tokyo, referring to poor cybersecurity in the Pacific Islands.
The hack, one Palauan official said, was political because DragonForce had made no effort to negotiate a ransom.
Additionally, by using a ransomware group, Beijing reduced the risk of a diplomatic incident with Washington, according to the official, Jay Anson, the chief information security officer at the Palau Ministry of Finance.
“We assessed that they must be getting paid by someone else to make this lucrative,” said Anson, whose ministry was the one the documents were stolen from. “It was about politics, not payment.”
Experts said that Palau could have been targeted by China, but it would be unusual to subcontract out a cyberattack to a ransomware group.
Jon DiMaggio, a former US intelligence community analyst who is now the chief security strategist at the cybersecurity firm Analyst1, said he had seen the documents, and those related to Taiwan could be of interest to China.
He said Palau officials had not shared details with experts to support the allegations. But he added that one reason for a state actor to use a group like DragonForce, instead of covert espionage, would be to publicly embarrass the target.
“If they had used a ransomware group as a contractor, there would have to be a motivation there, because they know that this would be loud and visual,” he said. “It is possible — if they intentionally wanted to make that point.”
Allan Liska, an analyst at the cybersecurity firm Recorded Future, also said that Palau needed to share more details to convince him and others of its interpretation, but agreed that this motivation was possible.
“If your goal is propaganda, then the hack and leak nature of ransomware lends itself well to that,” he added.
Whipps also accused Beijing of meddling in Palau’s domestic affairs, an accusation the Chinese ministry did not address in its statement.
While he was a presidential candidate, he said, he received a phone call from the Chinese ambassador in Micronesia, who urged him to cut ties with Taiwan if elected.
“He called me and said: ‘You’re a businessman. You understand the potential that China has? If you need a million tourists, we can give you a million tourists. We can build every hotel that you need.
It is basic economics. We have 1.5 billion people, Taiwan has 22 million people,’” Whipps recalled.
Then, Whipps said, the ambassador accused Palau of illegal activity. Whipps asked what the activity was and, he said, the Chinese official replied, “You recognize Taiwan.”