Chinese hackers breach Cambodian election organizations: analysis

Hackers believed to be linked to the Chinese government recently broke into Cambodian organizations involved in the country’s upcoming elections, according to U.S.-based cybersecurity firm FireEye.

{mosads}The new revelations are a sign that the Chinese espionage group is expanding operations beyond its usual targets, which have included defense and maritime organizations in the U.S. and Europe. 

The hackers successfully breached multiple entities in Cambodia involved in government operations and the country’s upcoming general elections, which are scheduled for July 29, according to researchers at FireEye who analyzed command-and-control servers used to launch malware in the attacks. The cyber firm also tracked a separate phishing email campaign targeting opposition figures in Cambodia. 

“The targeting of the election commission is particularly significant, given the critical role it plays in facilitating voting,” FireEye said in research published late Tuesday. “There is not yet enough information to determine why the organization was compromised – simply gathering intelligence or as part of a more complex operation.” 

The hacker group, which FireEye dubs “TEMP.Periscope,” successfully compromised systems belonging to Cambodia’s National Election Commission as well as the Ministries of Foreign Affairs, Interior, and Economics and Finance and Cambodian media organizations. 

The espionage group also broke into systems used by a member of Cambodia’s parliament, two Cambodian diplomats operating overseas and Cambodian human rights and democracy advocates, according to the research.

Ben Read, senior manager of cyber espionage analysis at FireEye, said that the firm has “high confidence” the group is acting on behalf of Beijing’s government.

“The information sought by the group would be most useful to a government and does not have a clear monetary value,” Read said.

The hacker group used the same cyber tools in digital attacks against other organizations researchers have observed the group targeting — such as U.S. defense firms and a chemical company based in Europe.

In March, Fireye detected the hacking group launching attacks against U.S.-based maritime and engineering-focused entities, in an apparent effort to glean information relevant to the ongoing South China Sea dispute.

“We expect this activity to provide the Chinese government with widespread visibility into Cambodia elections and government operations,” FireEye’s report said. “Additionally, this group is clearly able to run several large-scale intrusions concurrently across a wide range of victim types.” 

A spokesperson for the Chinese Embassy did not immediately return a request for comment. 

The details come amid heightened awareness of foreign influence efforts targeting elections, following Russia’s alleged campaign to meddle in the 2016 U.S. presidential election. As part of the effort, Moscow-linked hackers targeted state election systems, and in one case penetrated a voter database in Illinois.