Chinese hackers infiltrated Cambodia politics
Beijing – Last month, the daughter of a jailed Cambodian opposition party leader received an email from a well-seeming activist at a reputed Cambodian non-profit. For weeks, the sender nudged Monovithya Kem to open an attachment described as containing interview questions.
Kem suspected a trap set by Cambodian hackers seeking access to her computer. But a monthslong investigation by California security-research firm FireEye revealed that Kem was among several Cambodians likely targeted by a far more formidable actor: China.
FireEye said Wednesday it found evidence that a Chinese hacking team it believes is linked to Beijing has penetrated computer systems belonging to Cambodia’s election commission, opposition leaders and media in the months leading up to Cambodia’s July 29 election. Investigators could not immediately tell what, if any, data had been stolen or altered.
The Foreign Ministry in China has rejected these allegations.
Although FireEye did not find evidence that the Chinese hackers are working to sway the Cambodian elections in the ruling party’s favor, the revelations may cast a murky geopolitical shadow over the elections critics already say will be neither free nor fair.
Prime Minister Hun Sen, one of the world’s longest-serving rulers and a staunch ally of Beijing, faced what analysts predicted would have been a tight race before he jailed opposition leader Kem Sokha last year, accusing him of treason.
After the European Union and the United States withdrew their support for the election, China stepped in to donate $20 million to Cambodia’s National Election Committee, said Hang Puthea, a spokesman for the body. China also last year pledged $100 million in military aid.
Monovithya Kem, the daughter of Kem Sokha and an official in his now-disbanded Cambodia National Rescue Party, said she has frequently been targeted by Cambodian hackers in the past, but the revelation of potential Chinese involvement shocked her.
“To know that a foreign group is specifically trying to get information from me – now that’s scary,” Kem said by phone from Washington, where she is based. “What you’re dealing with is suddenly bigger.”
FireEye’s head of cyberspying analysis Benjamin Read said malware-ridden files sent to Cambodian targets were traced by his team to an unsecured server operated by the Chinese hacking group TEAM.Periscope.
On the hackers’ server, FireEye researchers found records showing that the group had compromised Cambodia’s election commission and several Cambodian ministries. The servers’ access logs in one instance traced to an IP address in China’s southern Hainan island, said Read, who described TEAM.Periscope as the second most active Chinese hacking group FireEye has traced.
FireEye says the group appears state-linked because it seems to be seeking information that would benefit the Chinese government.
“They don’t go for credit card numbers of bank account numbers, they go for information that’s of use to a government,” Read said. “We saw them use the same infrastructure to target the Cambodia government and private companies. It suggests the Chinese government doesn’t draw a line between political espionage versus commercial espionage.”
FireEye has previously found that TEAM.Periscope sought maritime technology from U.S. and European defense firms and other institutions with projects in the contested South China Sea.
China’s Foreign Ministry said in a statement that it is not aware of TEAM.Periscope and resolutely opposes cyberattacks as a general principle. “China calls on the international community to combat cybersecurity threats on a respectful, equal and mutually beneficial basis,” it said.
Copyright 2018 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.