Chinese Hackers Target Cambodian Elections

Uploaded on 2018-07-25 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

Chinese cyber spies have targeted Cambodian government institutions, opposition party members, diplomats and media, possibly to gather information ahead of elections later this month, according to cybersecurity firm FireEye Inc.

The hacks are suspected to come from a Chinese cyber espionage group known as TEMP.Periscope, according to a report by FireEye, which had previously linked the same group to attacks on targets including US engineering and defense companies with interests in the South China Sea, a key transport waterway that China claims mostly for itself.

The attacks come as Asia’s longest-serving Prime Minister Hun Sen seeks re-election on July 29 in a campaign bereft of an effective opposition since the dissolution of the Cambodia National Rescue Party and the arrest of its leader Kem Sokha last year over accusations that he plotted with the US to overthrow the government.

The intrusions are the latest example of China’s willingness to use cyber tools to obtain information at sensitive times when its interests are at stake: Chinese cyber spies targeted Taiwan opposition parties during the 2015 presidential and legislative elections and earlier this year sought information from Japanese defense companies about Tokyo’s policy toward resolving the North Korean nuclear impasse.

“We expect this activity to provide the Chinese government with widespread visibility into Cambodian elections and government operations,” said Ben Read, senior manager of FireEye iSIGHT Intelligence’s cyber espionage team in Reston, Virginia. “The compromises fit the overall MO of Chinese espionage in that they gather up all the information that they can.”

One target, Monavithya Kem, daughter of Kem Sokha, became aware she was under attack from a so-called phishing email when she noticed its address wasn’t from the human rights organisation that was supposed to have sent it.

Kem was in Washington at the time. The email was sent to FireEye, which traced it to one of three servers it believes is controlled by the Chinese hackers.

“Initially I thought it was from the ruling party, but it is very disturbing to know it is coming from a foreign entity,” said Kem, an official in CNRP who faces arrest should she return to her country.

“I hope the Cambodian government will find this disturbing too and that they are reminded it’s important not to fall under the influence of one particular country, where our interests are compromised.”

Under Hun Sen’s three-decade rule, China has become Cambodia’s single biggest donor and foreign investor, eclipsing the US as its top trading partner in 2014. Cambodia has become a key supporter of China’s interests in regional forums such as the Association Southeast Asian Nations. Diplomats have long claimed China uses its sway over nations like Cambodia to limit criticism.

As well as opposition members, the Chinese spies targeted Cambodia’s National Election Commission, Ministry of the Interior, Ministry of Foreign Affairs and International Cooperation, Ministry of Economics and Finance and the Senate, human rights groups and media organisations, according to FireEye, which said it has made these entities aware of the hacks.

Neither Cambodia’s government spokesman Phay Siphan or the Ministry of Foreign Affairs responded to emails seeking comment.

TEMP.Periscope’s three servers had been “open indexed,” which meant that they were accessible to anyone on the public Internet, yielding a cache of information on the group’s objectives, operational tactics and technical information, according to Read.

“This type of trade-craft mistake offers valuable insight into a group’s operations since, unlike data contained in spear phishes, malicious actors do not anticipate this data being analysed by researchers,” Read said. One of the IP addresses came from Hainan island, he said.

China’s foreign ministry didn’t respond to faxed questions.

FireEye’s analysis of the servers had shown the group was engaged mostly in gathering and downloading information, and there was no evidence of tampering.

Mandiant, a unit of FireEye, alleged in 2013 that China’s military might have been behind a group that had hacked at least 141 companies worldwide since 2006. The US issued indictments against five military officials who were purported to be members of that group.

Bloomberg

You Might Also Read: 

Cambodia’s Cyber War Room:

 

« Facebook & Fake News
UK Business Is Overconfident About Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Tufin

Tufin

Tufin enables organizations to automate their security policy visibility, risk management, provisioning and compliance across their multi-vendor, hybrid environment.

Kore Telematics

Kore Telematics

Kore is a leading managed service provider for IoT and M2M applications.

Green Hills Software

Green Hills Software

Green Hills Software is the largest independent vendor of embedded secure software solutions for applications including the Internet of Things.

Systancia

Systancia

Systancia offer solutions for the virtualization of applications and VDI, external access security, Privileged Access Management (PAM), Single Sign-On (SSO) and Identity and Access Management (IAM).

Agari

Agari

Agari is the Trusted Email Identity Company™, protecting brands and people from devastating phishing and socially-engineered attacks.

Nok Nok Labs

Nok Nok Labs

Nok Nok is a market leader in next generation authentication for cloud, mobile and IoT applications.

Brainloop

Brainloop

Brainloop's security architecture enables you to work on and distribute strictly confidential documents both within and beyond the firewall.

Electric Power Research Institute (EPRI)

Electric Power Research Institute (EPRI)

The Electric Power Research Institute’s Cyber Security Research Laboratory (CSRL) addresses the security issues of critical functions of electric utilities.

Raonsecure

Raonsecure

Raonsecure is one of Korea’s leading ICT security software companies – providing a variety of PC and mobile security solutions to financial institutions, government, and enterprise.

StickmanCyber

StickmanCyber

At StickmanCyber we are on a mission to create a digital world that is safe for everyone - we are your trusted cybersecurity partner.

Intel Ignite

Intel Ignite

Intel Ignite is an internationally renowned acceleration program for early-stage deep tech startups.

Orca Technology

Orca Technology

Orca is a UK-based Managed Service Provider delivering end-to-end managed IT services, support, hosted desktop, cloud solutions and strategic guidance.

Alset Technologies

Alset Technologies

Alset Technologies provides DASH - a comprehensive solution to DISA STIG (Security Technical Implementation Guide) compliance.

Pacific Certifications

Pacific Certifications

Pacific Certifications provide accredited certification, training and support services to help you improve processes, performance and products and services.

Network Coverage

Network Coverage

Network Coverage align, maintain, and integrate technology and cloud solutions with business operations to improve productivity and security with as few issues and disruptions as possible.

Cyberagentur (Cyber Agency)

Cyberagentur (Cyber Agency)

Cyberagentur is the Federal Agency in Germany for innovation in cybersecurity. Our mission is to advance research and groundbreaking innovations in the field of cybersecurity and related technologies.