A Chinese espionage group has hacked several key Cambodian government entities ahead of the Kingdom’s national election on July 29, US cybersecurity firm FireEye claims.
Hackers targeted at least one opposition figure by impersonating a human rights group employee in emails, according to FireEye research released on Wednesday. The report found that a group known as TEMP.Periscope – believed to be working at the Chinese government’s behest – has gained access to computers within various Cambodian ministries.
FireEye, led by CEO Kevin Mandia, a former member of the US Air Force, has been active in exposing Chinese espionage groups, most notably a widespread intellectual theft operation by a Chinese People’s Liberation Army Unit in 2013, which led to its officers being indicted by the US Department of Justice. In-Q-Tel, the venture capital arm of the CIA that invests in technology, has a stake in FireEye.
FireEye has dismissed its CIA links, saying IQT owns “far less than 1 per cent” of the company and that no one from IQT or any intelligence agency sits on its board.
Cambodia’s National Election Commission (NEC) has also been compromised, said Ben Read, FireEye’s senior manager of Cyber Espionage Analysis. “That would give them the ability to potentially steal files [and] see what was happening on that computer.”
Wang Dexin, head of the political section at the Chinese embassy in Cambodia, and Ma Yuanchun, director of the Foreign Media Relations Division at the Chinese Foreign Ministry, did not respond to multiple calls and emails.
Cambodian interior ministry spokesman Khieu Sopheak said he had no information about the cybersecurity breach before hanging up. He did not respond to subsequent phone calls.
Spokesmen at the foreign ministry and NEC did not respond to queries by press time. Council of Ministers spokesman Phay Siphan said hacking was not uncommon but should be condemned in the strongest terms.
“Hacking is against Cambodia’s national security,” he said. “Spying, we condemn this. It’s against the law, for any group – China, the US or EU.”
He said he doubted China would support such an espionage scheme but added that if a group “acts like that, they are not a friend – they are abusing [the friendship]”.
Government bodies were not the only targets; the discovery of TEMP.Periscope’s recent operations were traced after a phishing attempt targeting Kem Monovithya, daughter of imprisoned opposition leader Kem Sokha, who heads opposition Cambodia National Rescue Party (CNRP).
Kem Sokha was arrested in September on allegations of “treason” and the CNRP – the only legitimate challenger to Prime Minister Hun Sen’s 33-year rule – was forcibly dissolved by the courts in November.
Kem Monovithya was emailed by a hacker impersonating an employee at human rights organisation Licadho, who had specific knowledge of her father’s case and her own advocacy efforts abroad.
“The person kept following up and it looked genuine; it’s very personal, very targeted,” Kem Monovithya said.
While she expects attacks from the ruling Cambodian People’s Party, she said it was “disturbing” that these attempts came from a foreign entity.
China is Cambodia’s biggest aid donor and its largest investor, surpassing Cambodia itself and sinking about US$1 billion in foreign direct investment annually. Hun Sen has grown increasingly reliant on Chinese support and distanced himself from Western donors as he has gone about destroying the country’s nascent democratic institutions.
“It’s sad that the Hun Sen government is willingly compromising our country for the sake of them holding onto power for longer,” she said, adding that the cybersecurity breaches of government bodies showed the dangers of cosying up to one country and shunning others.
A former CNRP lawmaker, two diplomats, a number of Cambodian media outlets and multiple Cambodians advocating human rights and democracy were also targeted.
Paul Chambers, a lecturer at Naresuan University in Thailand, said Hun Sen “has embedded himself too closely to China to dig out from the dependency at this late point in time”.