FireEye researchers found evidence that a group of Chinese hackers known as TEMP.Periscope spied on both sides of the Cambodian election, according to a new report.
What They Say: Benjamin Read, Senior Director of FireEye for the Analysis of Computer Espionage, said in a statement: "China very closely monitors all parts of the upcoming Cambodian elections, any evidence of activity beyond intelligence gathering, but Cambodia being a key ally, any change within the ruling party would be of interest to China."
Details: TEMP.Periscope was previously known only for spying on maritime targets. The election targets show a new interest in geopolitics.
The attack relied on the Airbreak, Homefry, Murkytop, HTran and Scanbox malware already attributed to the group, as well as two new families of malware: a backdoor that FireEye calls Eviltech and an information collection program called Dadbod.
The Airbreak malware, which is used to install other malicious programs, was attached to documents related to Cambodian politics.
The targets of the attack include:
The National Electoral Commission, the Ministry of the Interior, the Ministry of Foreign Affairs and International Cooperation, the Cambodian Senate, and the Ministry of Economy and Finance.
An MP representing the Cambodia National Rescue Party.
Several human rights defenders in opposition to the ruling party.
Two Cambodian diplomats serving overseas.
Several Cambodian media outlets.
Monovithya Kem, Deputy Director General of Public Affairs of the Cambodia National Rescue Party and the daughter of imprisoned Cambodian opposition party leader Kem Sokha.
The attack gave FireEye, which monitored a control server used in the attack, new evidence that TEMP.Periscope is a Chinese group.
While the attackers usually used anonymity measures to conceal their location, the only connection that was not concealed came from Hainan, China.
The computers connected to the server had Chinese language settings.