Cambodian election hacking traced to China
BEIJING — Last month, the daughter of an jailed Cambodian opposition party leader received an email she thought was from a well-seeming activist at a reputed Cambodian nonprofit. For weeks, the sender nudged Monovithya Kem to open an attachment described as containing interview questions.
Kem suspected a trap set by Cambodian hackers seeking access to her computer. But a monthslong investigation by California security-research firm FireEye revealed that Kem was among several Cambodians likely targeted by a far more formidable actor: China.
FireEye said Wednesday that it found evidence that a Chinese hacking team has penetrated computer systems belonging to Cambodia’s election commission, opposition leaders and media in the months leading up to Cambodia’s July 29 election.
The Chinese Foreign Ministry has rejected the allegations.
Although FireEye did not find evidence that the Chinese hackers are working to sway the Cambodian elections in the ruling party’s favor, the revelations may cast a shadow over elections that critics already say will be neither free nor fair.
Prime Minister Hun Sen, one of the world’s longest-serving rulers and a staunch ally of Beijing, faced what analysts predicted would have been a tight race before he jailed opposition leader Kem Sokha last year, accusing him of treason.
After the European Union and the United States withdrew their support for the election, China stepped in to donate $20 million to Cambodia’s National Election Committee, said Hang Puthea, a spokesman for the body. China last year pledged $100 million in military aid.
Benjamin Read, FireEye’s head of cyberspying analysis, said malware-ridden files sent to Cambodian targets were traced by his team to an unsecured server operated by the Chinese hacking group Team.Periscope.
On the hackers’ server, FireEye researchers found records showing that the group had compromised Cambodia’s election commission and several Cambodian ministries. The servers’ access logs in one instance traced to an IP address in China’s southern Hainan island, said Read, who described Team.Periscope as the second-most-active Chinese hacking group FireEye has traced.
FireEye says the group appears state-linked because it seems to be seeking information that would benefit the Chinese government.
“They don’t go for credit card numbers or bank account numbers; they go for information that’s of use to a government,” Read said. “We saw them use the same infrastructure to target the Cambodia government and private companies. It suggests the Chinese government doesn’t draw a line between political espionage versus commercial espionage.”
FireEye has previously found that Team.Periscope sought maritime technology from U.S. and European defense firms and other institutions with projects in the South China Sea.