Chinese Hackers Target Cambodian Elections

Uploaded on 2018-07-25 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

Chinese cyber spies have targeted Cambodian government institutions, opposition party members, diplomats and media, possibly to gather information ahead of elections later this month, according to cybersecurity firm FireEye Inc.

The hacks are suspected to come from a Chinese cyber espionage group known as TEMP.Periscope, according to a report by FireEye, which had previously linked the same group to attacks on targets including US engineering and defense companies with interests in the South China Sea, a key transport waterway that China claims mostly for itself.

The attacks come as Asia’s longest-serving Prime Minister Hun Sen seeks re-election on July 29 in a campaign bereft of an effective opposition since the dissolution of the Cambodia National Rescue Party and the arrest of its leader Kem Sokha last year over accusations that he plotted with the US to overthrow the government.

The intrusions are the latest example of China’s willingness to use cyber tools to obtain information at sensitive times when its interests are at stake: Chinese cyber spies targeted Taiwan opposition parties during the 2015 presidential and legislative elections and earlier this year sought information from Japanese defense companies about Tokyo’s policy toward resolving the North Korean nuclear impasse.

“We expect this activity to provide the Chinese government with widespread visibility into Cambodian elections and government operations,” said Ben Read, senior manager of FireEye iSIGHT Intelligence’s cyber espionage team in Reston, Virginia. “The compromises fit the overall MO of Chinese espionage in that they gather up all the information that they can.”

One target, Monavithya Kem, daughter of Kem Sokha, became aware she was under attack from a so-called phishing email when she noticed its address wasn’t from the human rights organisation that was supposed to have sent it.

Kem was in Washington at the time. The email was sent to FireEye, which traced it to one of three servers it believes is controlled by the Chinese hackers.

“Initially I thought it was from the ruling party, but it is very disturbing to know it is coming from a foreign entity,” said Kem, an official in CNRP who faces arrest should she return to her country.

“I hope the Cambodian government will find this disturbing too and that they are reminded it’s important not to fall under the influence of one particular country, where our interests are compromised.”

Under Hun Sen’s three-decade rule, China has become Cambodia’s single biggest donor and foreign investor, eclipsing the US as its top trading partner in 2014. Cambodia has become a key supporter of China’s interests in regional forums such as the Association Southeast Asian Nations. Diplomats have long claimed China uses its sway over nations like Cambodia to limit criticism.

As well as opposition members, the Chinese spies targeted Cambodia’s National Election Commission, Ministry of the Interior, Ministry of Foreign Affairs and International Cooperation, Ministry of Economics and Finance and the Senate, human rights groups and media organisations, according to FireEye, which said it has made these entities aware of the hacks.

Neither Cambodia’s government spokesman Phay Siphan or the Ministry of Foreign Affairs responded to emails seeking comment.

TEMP.Periscope’s three servers had been “open indexed,” which meant that they were accessible to anyone on the public Internet, yielding a cache of information on the group’s objectives, operational tactics and technical information, according to Read.

“This type of trade-craft mistake offers valuable insight into a group’s operations since, unlike data contained in spear phishes, malicious actors do not anticipate this data being analysed by researchers,” Read said. One of the IP addresses came from Hainan island, he said.

China’s foreign ministry didn’t respond to faxed questions.

FireEye’s analysis of the servers had shown the group was engaged mostly in gathering and downloading information, and there was no evidence of tampering.

Mandiant, a unit of FireEye, alleged in 2013 that China’s military might have been behind a group that had hacked at least 141 companies worldwide since 2006. The US issued indictments against five military officials who were purported to be members of that group.

Bloomberg

You Might Also Read: 

Cambodia’s Cyber War Room:

 

« Facebook & Fake News
UK Business Is Overconfident About Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Information Risk Management (IRM)

Information Risk Management (IRM)

IRM is an international consultancy dedicated to helping organisations solve key business issues. We provide strategic cyber security advice across a wide range of sectors.

SANS Institute

SANS Institute

SANS is the most trusted and by far the largest source for information security training and security certification in the world.

MarQuest

MarQuest

MarQuest provides services and systems to enhance network reliability and security.

Giesecke+Devrient (G+D)

Giesecke+Devrient (G+D)

Giesecke+Devrient develop security technologies in four major areas: enabling secure payment, providing trusted connectivity, safeguarding identities and protecting digital infrastructures.

Gemserv

Gemserv

Gemserv is a specialist market design, governance and assurance services consultancy.

Solidified

Solidified

Solidified is the largest audit platform for smart contracts. Our community has the highest concentration of top Blockchain security specialists and best-in-class code auditors.

Association of anti Virus Asia Researchers (AVAR)

Association of anti Virus Asia Researchers (AVAR)

AVAR's mission is to prevent the spread of and damage caused by malicious software, and to develop cooperative relationships among anti-malware experts in Asia.

LimaCharlie

LimaCharlie

LimaCharlie gives security teams full control over how they manage their security infrastructure. Get full visibility, build what you want, control your data, get the security capabilities you need.

EDGE Group

EDGE Group

EDGE is one of the world’s leading advanced technology groups, established to develop agile, bold and disruptive solutions for defence and beyond.

Dimension Data

Dimension Data

Dimension Data is a leading African born technology provider operating in the Middle East and Africa, offering a portfolio of services including intelligent security solutions.

ExtraHop

ExtraHop

ExtraHop's dynamic cyber defense platform uses cloud-scale AI to help enterprises detect and respond to advanced threats - before they compromise your business.

Obsidian Security

Obsidian Security

Protect your business-critical applications by mitigating threats and reducing risk with Obsidian, the first truly comprehensive security solution for SaaS.

Virtual Infosec Africa (VIA)

Virtual Infosec Africa (VIA)

Virtual InfoSec Africa (VIA) is a wholly-owned Ghanaian company specializing in information security and cybersecurity solutions and services.

Seedcamp

Seedcamp

Seedcamp identify and invest early in world-class founders attacking large and global markets through disruptive technology in areas including AI, cybersecurity, and Fintech.

Evolver

Evolver

Evolver delivers technology services and solutions that improve security, promote innovation, and maximize operational efficiency in support of government and commercial customers.

Databarracks

Databarracks

Databarracks deliver award winning IT resilience and continuity services. We help organisations get the most out of the cloud and protect their data, wherever it lives.