Chinese cyberspies have targeted Cambodian government institutions, opposition party members, diplomats and media, possibly to gather information ahead of elections later this month, cybersecurity firm FireEye Inc said.
The hacks are suspected to come from a Chinese cyberespionage group known as TEMP.Periscope, a report by FireEye said.
The firm had previously linked the same group to attacks on targets including US engineering and defense companies with interests in the South China Sea.
The attacks come as Cambodian Prime Minister Hun Sen seeks re-election on July 29 in a campaign bereft of an effective opposition since the dissolution of the Cambodia National Rescue Party (CNRP) and the arrest of its leader Kem Sokha last year over accusations that he plotted with the US to overthrow the government.
The intrusions are the latest example of China’s willingness to use cybertools to obtain information at sensitive times when its interests are at stake: Chinese cyberspies targeted Taiwanese opposition parties during the 2015 presidential and legislative elections and earlier this year sought information from Japanese defense companies about Tokyo’s policy toward resolving the North Korean nuclear impasse.
“We expect this activity to provide the Chinese government with widespread visibility into Cambodian elections and government operations,” said Ben Read, senior manager of FireEye iSight Intelligence’s cyberespionage team in Reston, Virginia. “The compromises fit the overall MO of Chinese espionage in that they gather up all the information that they can.”
One target, Monavithya Kem, the daughter of Kem Sokha, became aware she was under attack from a phishing e-mail when she noticed its address was not from the human rights organization that was supposed to have sent it. She was in Washington at the time.
The e-mail was sent to FireEye, which traced it to one of three servers it believes is controlled by the Chinese hackers.
“Initially I thought it was from the ruling party, but it is very disturbing to know it is coming from a foreign entity,” said Monavithya Kem, a CNRP official who faces arrest if she returns to her country.
“I hope the Cambodian government will find this disturbing too and that they are reminded it’s important not to fall under the influence of one particular country, where our interests are compromised,” she said.
Under Hun Sen’s three-decade rule, China has become Cambodia’s single biggest donor and foreign investor, eclipsing the US as its top trading partner in 2014. Cambodia has become a key supporter of China’s interests in regional forums such as ASEAN.
Diplomats have long claimed China uses its sway over nations like Cambodia to limit criticism.
As well as opposition members, the Chinese spies targeted the Cambodian National Election Commission, Ministry of the Interior, Ministry of Foreign Affairs and International Cooperation, Ministry of Economics and Finance and the Senate, human rights groups and media organizations, FireEye said, adding that it has made these entities aware of the hacks.
Neither Cambodian government spokesman Phay Siphan nor the Ministry of Foreign Affairs responded to e-mails seeking comment.
TEMP.Periscope’s three servers are “open indexed,” which means that they are accessible to anyone on the public Internet, yielding a cache of information on the group’s objectives, operational tactics and technical information, Read said.
“This type of trade-craft mistake offers valuable insight into a group’s operations since, unlike data contained in spear phishes, malicious actors do not anticipate this data being analyzed by researchers,” Read said.
One of the IP addresses came from Hainan island, he added.
The Chinese Ministry of Foreign Affairs did not respond to faxed questions.
Fireye’s analysis of the servers showed that the group was mostly engaged in gathering and downloading information, and there was no evidence of tampering.
‘WOULD NOT COMPLY’: The company’s user data are kept in Singapore and it would not turn the data over to Beijing even if asked, TikTok chief executive Kevin Mayer said Social media app TikTok has distanced itself from Beijing after India banned 59 Chinese apps in the country, according to a correspondence seen by Reuters. In a letter to the Indian government dated on Sunday last week and seen by Reuters on Friday, TikTok chief executive Kevin Mayer said the Chinese government has never requested user data, nor would the company turn it over if asked. TikTok, which is not available in China, is owned by China’s ByteDance, but has sought to distance itself from its Chinese roots to appeal to a global audience. Along with 58 other Chinese apps, including Tencent
‘FIGHT FOR FREEDOM’: Hong Kongers will never bow to Beijing, the advocate said, while the US’ envoy to the territory called China’s new security law a ‘tragedy’ The world must stand in solidarity with Hong Kongers after Beijing imposed sweeping national security legislation on the semi-autonomous territory, advocate Joshua Wong (黃之鋒) said yesterday, vowing to continue campaigning for democracy. Wong, one of the territory’s most prominent young advocates and a figure loathed by Beijing, was speaking outside a court where he and fellow advocates are being prosecuted for involvement in last year’s pro-democracy protests. China last week enacted sweeping security legislation for the restless territory, banning acts of subversion, secession, terrorism and collusion with foreign forces. The legislation has sent a wave of fear through the territory, and criminalized dissenting
FOX HUNT: To suppress dissent, Chinese living abroad that Xi Jinping sees as threats are told to either return to China or commit suicide, Christopher Wray said Chinese agents have been pursuing hundreds of Chinese nationals living in the US in an effort to force their return, as part of a global campaign against the country’s diaspora, known as Operation Fox Hunt, FBI Director Christopher Wray said on Tuesday. In a speech about the security threat posed by China, during which he said Beijing’s counterintelligence work was the “greatest long-term threat to our nation’s information and intellectual property, and to our economic vitality,” Wray gave the example of one Fox Hunt target who was given a choice of going back to China or killing themselves. Fox Hunt was launched
A squad of gun-toting police officers patrolled Myanmar’s sacred site of Bagan under the cover of night, taking on plunderers snatching relics from temples forsaken by tourists due to COVID-19 restrictions. Each evening as dusk falls, about 100 officers fan out across the plain of Bagan covering 50km2, sweeping flashlights over the crumbling monuments to scour for intruders. “Our security forces are patrolling day and night,” Police Lieutenant Colonel Sein Win told reporters. “We have it under control for the moment, but it’s a challenge.” The central Burmese city is strewn with more than 3,500 ancient monuments — stupas, temples, murals and sculptures