Chinese Hackers Target Cambodian Elections

Chinese cyber spies have targeted Cambodian government institutions, opposition party members, diplomats and media, possibly to gather information ahead of elections later this month, according to cybersecurity firm FireEye Inc.

The hacks are suspected to come from a Chinese cyber espionage group known as TEMP.Periscope, according to a report by FireEye, which had previously linked the same group to attacks on targets including US engineering and defense companies with interests in the South China Sea, a key transport waterway that China claims mostly for itself.

The attacks come as Asia’s longest-serving Prime Minister Hun Sen seeks re-election on July 29 in a campaign bereft of an effective opposition since the dissolution of the Cambodia National Rescue Party and the arrest of its leader Kem Sokha last year over accusations that he plotted with the US to overthrow the government.

The intrusions are the latest example of China’s willingness to use cyber tools to obtain information at sensitive times when its interests are at stake: Chinese cyber spies targeted Taiwan opposition parties during the 2015 presidential and legislative elections and earlier this year sought information from Japanese defense companies about Tokyo’s policy toward resolving the North Korean nuclear impasse.

“We expect this activity to provide the Chinese government with widespread visibility into Cambodian elections and government operations,” said Ben Read, senior manager of FireEye iSIGHT Intelligence’s cyber espionage team in Reston, Virginia. “The compromises fit the overall MO of Chinese espionage in that they gather up all the information that they can.”

One target, Monavithya Kem, daughter of Kem Sokha, became aware she was under attack from a so-called phishing email when she noticed its address wasn’t from the human rights organisation that was supposed to have sent it.

Kem was in Washington at the time. The email was sent to FireEye, which traced it to one of three servers it believes is controlled by the Chinese hackers.

“Initially I thought it was from the ruling party, but it is very disturbing to know it is coming from a foreign entity,” said Kem, an official in CNRP who faces arrest should she return to her country.

“I hope the Cambodian government will find this disturbing too and that they are reminded it’s important not to fall under the influence of one particular country, where our interests are compromised.”

Under Hun Sen’s three-decade rule, China has become Cambodia’s single biggest donor and foreign investor, eclipsing the US as its top trading partner in 2014. Cambodia has become a key supporter of China’s interests in regional forums such as the Association of Southeast Asian Nations. Diplomats have long claimed China uses its sway over nations like Cambodia to limit criticism.

As well as opposition members, the Chinese spies targeted Cambodia’s National Election Commission, Ministry of the Interior, Ministry of Foreign Affairs and International Cooperation, Ministry of Economics and Finance and the Senate, human rights groups and media organisations, according to FireEye, which said it has made these entities aware of the hacks.

Neither Cambodia’s government spokesman Phay Siphan nor the Ministry of Foreign Affairs responded to emails seeking comment.

TEMP.Periscope’s three servers had been “open indexed,” which meant that they were accessible to anyone on the public Internet, yielding a cache of information on the group’s objectives, operational tactics and technical information, according to Read.

“This type of trade-craft mistake offers valuable insight into a group’s operations since, unlike data contained in spear phishes, malicious actors do not anticipate this data being analysed by researchers,” Read said. One of the IP addresses came from Hainan island, he said.

China’s foreign ministry didn’t respond to faxed questions.

FireEye’s analysis of the servers had shown the group was engaged mostly in gathering and downloading information, and there was no evidence of tampering.

Mandiant, a unit of FireEye, alleged in 2013 that China’s military might have been behind a group that had hacked at least 141 companies worldwide since 2006. The US issued indictments against five military officials who were purported to be members of that group.

Bloomberg
