Two prominent Chinese government hacking groups are targeting at least 24 Cambodian government organizations through cloud backup services, according to a new report.
First reported by the Washington Post on Wednesday, the report from Palo Alto Networks’ Unit 42 does not name the APT groups but said the company’s researchers “assess with high confidence that these Cambodian government entities were targeted and remain compromised by Chinese APT actors.”
“This assessment is due to the malicious nature and ownership of the infrastructure combined with persistent connections over a period of several months,” they explained. The Washington Post attributed the activity to China’s Ministry of State Security.
The researchers discovered the compromises by monitoring telemetry associated with the Chinese APT groups, finding inbound connections originating from at least 24 Cambodian government organizations.
A spokesperson for the Cambodian government did not respond to requests for comment.
Palo Alto researchers said they have been tracking servers used by the hacking groups and noted several host subdomains that masquerade as cloud storage services.
This, they said, allows the hackers to disguise the unusual amounts of traffic that come from data exfiltration.
The Cambodian government organizations were seen communicating with this infrastructure in September and October. The government agencies affected include National Defense, Election Oversight, Human Rights, National Treasury, Finance, Commerce, Politics, Natural Resources and Telecommunications.
These organizations hold troves of sensitive financial data, citizen information and classified government documents.
“We assess that these organizations are likely the targets of long-term cyberespionage activities that have leveraged this infrastructure for persistent access to government networks of interest,” the researchers said.
The researchers said there were several pieces of evidence to suggest the group is based in China, including their day-to-day work schedules. The hackers stopped working between September 29 and October 8 — which aligns with China’s Golden Week from September 29 to October 6. The activity returned to normal levels on October 9.
The researchers believe the campaign is part of a long-term espionage effort and “aligns with geopolitical goals of the Chinese government as it seeks to leverage their strong relations with Cambodia to project their power and expand their naval operations in the region.”
Cambodia has long been one of China’s most ardent allies, often drawing the ire of other Southeast Asian nations for its defense of Chinese territorial aims in the South China Sea.
Cambodia is also a significant part of China’s Belt and Road Initiative (BRI) and will host the controversial Ream Naval Base — one of China’s first overseas military outposts in Southeast Asia.
Despite the close relationship, there have been signs of minor fraying between the two countries since Cambodian dictator Hun Sen ended his nearly 40-year rule and handed control of the country over to his son, Hun Manet, this summer.
A recent Chinese film spotlighting the scourge of human-trafficking-backed online scams drew outrage among Chinese citizens and has forced the Chinese government to take a harder stance against cybercrime groups. Many of these online scams, most of which target the elderly in China, are run out of compounds in Cambodia and Myanmar.
Cambodian officials tried to ban the film from being shown and have stymied efforts by police from China, Vietnam and Thailand to disrupt the scam compounds and rescue people held captive.
For years, Chinese APT groups have launched an array of espionage campaigns targeting allies and foes across Southeast Asia. Cybersecurity firm Mandiant previously reported in 2018 that Chinese hackers broke into the systems of several Cambodian government entities.
https://therecord.media/chinese-apt-gro ... anizations
Chinese APT groups target dozens of Cambodian government orgs
- Bong Burgundy
Bringing the news. You stay classy, nas, Cambodia.