Chinese cyberspies have targeted Cambodian government institutions, opposition party members, diplomats and media, possibly to gather information ahead of elections later this month, cybersecurity firm FireEye Inc said.
The hacks are suspected to come from a Chinese cyberespionage group known as TEMP.Periscope, a report by FireEye said.
The firm had previously linked the same group to attacks on targets including US engineering and defense companies with interests in the South China Sea.
The attacks come as Cambodian Prime Minister Hun Sen seeks re-election on July 29 in a campaign bereft of an effective opposition since the dissolution of the Cambodia National Rescue Party (CNRP) and the arrest of its leader Kem Sokha last year over accusations that he plotted with the US to overthrow the government.
The intrusions are the latest example of China’s willingness to use cybertools to obtain information at sensitive times when its interests are at stake: Chinese cyberspies targeted Taiwanese opposition parties during the 2015 presidential and legislative elections and earlier this year sought information from Japanese defense companies about Tokyo’s policy toward resolving the North Korean nuclear impasse.
“We expect this activity to provide the Chinese government with widespread visibility into Cambodian elections and government operations,” said Ben Read, senior manager of FireEye iSight Intelligence’s cyberespionage team in Reston, Virginia. “The compromises fit the overall MO of Chinese espionage in that they gather up all the information that they can.”
One target, Monavithya Kem, the daughter of Kem Sokha, became aware she was under attack from a phishing e-mail when she noticed its address was not from the human rights organization that was supposed to have sent it. She was in Washington at the time.
The e-mail was sent to FireEye, which traced it to one of three servers it believes are controlled by the Chinese hackers.
“Initially I thought it was from the ruling party, but it is very disturbing to know it is coming from a foreign entity,” said Monavithya Kem, a CNRP official who faces arrest if she returns to her country.
“I hope the Cambodian government will find this disturbing too and that they are reminded it’s important not to fall under the influence of one particular country, where our interests are compromised,” she said.
Under Hun Sen’s three-decade rule, China has become Cambodia’s single biggest donor and foreign investor, eclipsing the US as its top trading partner in 2014. Cambodia has become a key supporter of China’s interests in regional forums such as ASEAN.
Diplomats have long claimed China uses its sway over nations like Cambodia to limit criticism.
As well as opposition members, the Chinese spies targeted the Cambodian National Election Commission, Ministry of the Interior, Ministry of Foreign Affairs and International Cooperation, Ministry of Economics and Finance and the Senate, human rights groups and media organizations, FireEye said, adding that it has made these entities aware of the hacks.
Neither Cambodian government spokesman Phay Siphan nor the Ministry of Foreign Affairs responded to e-mails seeking comment.
TEMP.Periscope’s three servers are “open indexed,” which means that they are accessible to anyone on the public Internet, yielding a cache of information on the group’s objectives, operational tactics and technical information, Read said.
“This type of trade-craft mistake offers valuable insight into a group’s operations since, unlike data contained in spear phishes, malicious actors do not anticipate this data being analyzed by researchers,” Read said.
One of the IP addresses came from Hainan island, he added.
The Chinese Ministry of Foreign Affairs did not respond to faxed questions.
FireEye’s analysis of the servers showed that the group was mostly engaged in gathering and downloading information, and there was no evidence of tampering.