US firm: Chinese hackers infiltrate Cambodia ahead of polls

In this April 26, 2018, photo, visitors stand in front of an electronic data display showing a map of China at the Global Mobile Internet conference in Beijing. A California-based security-research firm said Wednesday, July 11, 2018, that it found evidence that an elite Chinese government-linked hacking team has penetrated computer systems belonging to Cambodia's election commission, opposition leaders and media in the months leading up to Cambodia's July 29 election. (AP Photo/Mark Schiefelbein)
FILE - In this Sept. 12, 2017, file photo, an attendee looks at a digital representation of network connectivity at a vendor's display booth at the China Internet Security Conference in Beijing. A California-based security-research firm said Wednesday, July 11, 2018, that it found evidence that an elite Chinese government-linked hacking team has penetrated computer systems belonging to Cambodia's election commission, opposition leaders and media in the months leading up to Cambodia's July 29 election. (AP Photo/Mark Schiefelbein, File)
FILE - In this July 7, 2018, file photo, supporters wait for the start of a campaign rally of Cambodian Prime Minister Hun Sen's Cambodian People's Party in Phnom Penh, Cambodia. A California-based security-research firm said Wednesday, July 11, 2018, that it found evidence that an elite Chinese government-linked hacking team has penetrated computer systems belonging to Cambodia's election commission, opposition leaders and media in the months leading up to Cambodia's July 29 election. (AP Photo/Heng Sinith, File)
FILE - In this July 2, 2018 file photo, a woman uses a Chinese national flag to protect herself from the sun as she listens to Prime Minister Hun Sen who delivering his speech during an inauguration ceremony of a sky bridge funded by China for its official use in Phnom Penh, Cambodia. A California-based security-research firm said Wednesday, July 11, 2018, that it found evidence that an elite Chinese government-linked hacking team has penetrated computer systems belonging to Cambodia's election commission, opposition leaders and media in the months leading up to Cambodia's July 29 election. (AP Photo/Heng Sinith, File)

BEIJING — Last month, the daughter of a jailed Cambodian opposition party leader received an email from a well-seeming activist at a reputed Cambodian non-profit. For weeks, the sender nudged Monovithya Kem to open an attachment described as containing interview questions.

Kem suspected a trap set by Cambodian hackers seeking access to her computer. But a monthslong investigation by California security-research firm FireEye revealed that Kem was among several Cambodians likely targeted by a far more formidable actor: China.

FireEye said Wednesday it found evidence that a Chinese hacking team it believes is linked to Beijing has penetrated computer systems belonging to Cambodia's election commission, opposition leaders and media in the months leading up to Cambodia's July 29 election. Investigators could not immediately tell what, if any, data had been stolen or altered.

The Foreign Ministry in China has rejected these allegations.

Although FireEye did not find evidence that the Chinese hackers are working to sway the Cambodian elections in the ruling party's favor, the revelations may cast a murky geopolitical shadow over the elections critics already say will be neither free nor fair.

Prime Minister Hun Sen, one of the world's longest-serving rulers and a staunch ally of Beijing, faced what analysts predicted would have been a tight race before he jailed opposition leader Kem Sokha last year, accusing him of treason.

After the European Union and the United States withdrew their support for the election, China stepped in to donate $20 million to Cambodia's National Election Committee, said Hang Puthea, a spokesman for the body. China also last year pledged $100 million in military aid.

Monovithya Kem, the daughter of Kem Sokha and an official in his now-disbanded Cambodia National Rescue Party, said she has frequently been targeted by Cambodian hackers in the past, but the revelation of potential Chinese involvement shocked her.

"To know that a foreign group is specifically trying to get information from me — now that's scary," Kem said by phone from Washington, where she is based. "What you're dealing with is suddenly bigger."

FireEye's head of cyberspying analysis Benjamin Read said malware-ridden files sent to Cambodian targets were traced by his team to an unsecured server operated by the Chinese hacking group TEMP.Periscope.

On the hackers' server, FireEye researchers found records showing that the group had compromised Cambodia's election commission and several Cambodian ministries. The servers' access logs in one instance traced to an IP address in China's southern Hainan island, said Read, who described TEMP.Periscope as the second most active Chinese hacking group FireEye has traced.

FireEye says the group appears state-linked because it seems to be seeking information that would benefit the Chinese government.

"They don't go for credit card numbers of bank account numbers, they go for information that's of use to a government," Read said. "We saw them use the same infrastructure to target the Cambodia government and private companies. It suggests the Chinese government doesn't draw a line between political espionage versus commercial espionage."

FireEye has previously found that TEMP.Periscope sought maritime technology from U.S. and European defense firms and other institutions with projects in the contested South China Sea.

China's Foreign Ministry said in a statement that it is not aware of TEMP.Periscope and resolutely opposes cyberattacks as a general principle. "China calls on the international community to combat cybersecurity threats on a respectful, equal and mutually beneficial basis," it said.

The Cambodian election commission was aware of Wednesday's reports about the hacking, Hang, the commission's spokesman said, and has filed a legal complaint to the Cambodian government.

Government spokesman Phay Sophana said he was not aware of any specific cases of hacking attacks on state agencies. Cambodia would protect its online data, especially relating to national security, the election and financial matters, he added.

The scope of FireEye's findings on Wednesday did not include Taiwan. But Danielle Cave, a cyber policy analyst at the Australian Strategic Policy Institute who is not affiliated to FireEye, said China appears to be testing its cyber and covert influence capabilities on the self-ruled island Beijing claims as its territory.

Cave said Taiwan has long been a target of campaigns by China that combine spreading propaganda favoring China with outright hacking to deface websites or pilfer data.

In January, Taiwan prosecutors said they found evidence that China's Taiwan Affairs Office promised to pay a Taiwanese politician $500,000 to run a website publishing articles promoting unification. China dismissed the allegations as "pure nonsense."

The website of Taiwanese President Tsai Ing-wen's independence-leaning Democratic Progressive Party was defaced by hackers believed to be from China earlier this month. Kolas Yokata, a DPP legislator, told The Associated Press the party was investing in cybersecurity upgrades ahead of November, when Taiwan is expected to hold local elections that will serve as a referendum on the party's grip on power.

"We especially cannot accept that our elections could be manipulated," Yokata said.

___

Associated Press writer Sopheng Cheang in Phnom Penh, Cambodia, contributed to this report.

___

This story corrects name of Chinese hacking group.

People also read these

China's ever-tighter web controls jolt companies, scientists

Sep 10, 2017

China's campaign to stamp out use technology that allows web surfers to evade its internet filters...

Viral smartphone game lets ordinary Chinese "clap" for Xi

Oct 20, 2017

Ordinary young Chinese may not have paid close attention to Xi Jinping's 3-and-a-half hour marathon...

Springer Nature blocks access to articles in China

Nov 1, 2017

Academic publisher Springer Nature says it has blocked access to articles within China to comply...

North Korea, trade deficit on agenda of Trump's China visit

Nov 7, 2017

President Donald Trump's agenda in Beijing is expected to be led by the standoff over North Korea's...

Apple CEO hopeful banned apps will return to China store

Dec 6, 2017

Apple's chief executive says he's optimistic some apps that fell afoul of China's tight internet...

AseanCoverage is a next-gen news site focusing exclusively on online news from South East Asia.

Contact us: sales[at]aseancoverage.com