Chinese Hackers Target Cambodian Elections

Chinese cyber spies have targeted Cambodian government institutions, opposition party members, diplomats and media, possibly to gather information ahead of elections later this month, according to cybersecurity firm FireEye Inc.

The hacks are suspected to come from a Chinese cyber espionage group known as TEMP.Periscope, according to a report by FireEye, which had previously linked the same group to attacks on targets including US engineering and defense companies with interests in the South China Sea, a key transport waterway that China claims mostly for itself.

The attacks come as Asia’s longest-serving Prime Minister Hun Sen seeks re-election on July 29 in a campaign bereft of an effective opposition since the dissolution of the Cambodia National Rescue Party and the arrest of its leader Kem Sokha last year over accusations that he plotted with the US to overthrow the government.

The intrusions are the latest example of China’s willingness to use cyber tools to obtain information at sensitive times when its interests are at stake: Chinese cyber spies targeted Taiwan opposition parties during the 2015 presidential and legislative elections and earlier this year sought information from Japanese defense companies about Tokyo’s policy toward resolving the North Korean nuclear impasse.

“We expect this activity to provide the Chinese government with widespread visibility into Cambodian elections and government operations,” said Ben Read, senior manager of FireEye iSIGHT Intelligence’s cyber espionage team in Reston, Virginia. “The compromises fit the overall MO of Chinese espionage in that they gather up all the information that they can.”

One target, Monavithya Kem, daughter of Kem Sokha, became aware she was under attack from a so-called phishing email when she noticed its address wasn’t from the human rights organisation that was supposed to have sent it.

Kem was in Washington at the time. The email was sent to FireEye, which traced it to one of three servers it believes is controlled by the Chinese hackers.

“Initially I thought it was from the ruling party, but it is very disturbing to know it is coming from a foreign entity,” said Kem, an official in CNRP who faces arrest should she return to her country.

“I hope the Cambodian government will find this disturbing too and that they are reminded it’s important not to fall under the influence of one particular country, where our interests are compromised.”

Under Hun Sen’s three-decade rule, China has become Cambodia’s single biggest donor and foreign investor, eclipsing the US as its top trading partner in 2014. Cambodia has become a key supporter of China’s interests in regional forums such as the Association of Southeast Asian Nations. Diplomats have long claimed China uses its sway over nations like Cambodia to limit criticism.

As well as opposition members, the Chinese spies targeted Cambodia’s National Election Commission, Ministry of the Interior, Ministry of Foreign Affairs and International Cooperation, Ministry of Economics and Finance and the Senate, human rights groups and media organisations, according to FireEye, which said it has made these entities aware of the hacks.

Neither Cambodia’s government spokesman Phay Siphan nor the Ministry of Foreign Affairs responded to emails seeking comment.

TEMP.Periscope’s three servers had been “open indexed,” which meant that they were accessible to anyone on the public Internet, yielding a cache of information on the group’s objectives, operational tactics and technical information, according to Read.

“This type of trade-craft mistake offers valuable insight into a group’s operations since, unlike data contained in spear phishes, malicious actors do not anticipate this data being analysed by researchers,” Read said. One of the IP addresses came from Hainan island, he said.

China’s foreign ministry didn’t respond to faxed questions.

FireEye’s analysis of the servers had shown the group was engaged mostly in gathering and downloading information, and there was no evidence of tampering.

Mandiant, a unit of FireEye, alleged in 2013 that China’s military might have been behind a group that had hacked at least 141 companies worldwide since 2006. The US issued indictments against five military officials who were purported to be members of that group.

Bloomberg
