A Chinese espionage group with suspected government links targeted the computers of Cambodian government agencies and opposition figures in a hacking campaign ahead of elections this month, according to a U.S. cybersecurity firm.
Several key Cambodian government branches — including the Senate and ministries of foreign affairs, economics and finance, and interior — were compromised in the operation, the Silicon Valley-based firm FireEye said in a report released Tuesday.
It marks the first time that China has been publicly accused of hacking government systems in Cambodia, a small but strategically important nation in Southeast Asia.
FireEye said it believed the effort may have been mounted after the recent Malaysian election upset, which saw the leader of a long-ruling coalition toppled, perhaps prompting China to keep a closer watch on elections in friendly nations. Cambodia has been a strong supporter of Beijing's claims to territory in the South China Sea, putting it at odds with its neighbor, Vietnam, which has contested the claims.
FireEye claimed to have strong reason to suspect that the alleged hacking group, which it identified as TEMP.Periscope, was associated with the Chinese government, based on factors including the tools used, the targeted victims, and the location and language settings of computers used by those operating its servers.
Among those suspected to have been hacked are members of the banned opposition group, the Cambodia National Rescue Party, or CNRP.
Cambodian government spokesman Phay Siphan said he had not been made aware of any sensitive government data being compromised, but that two government ministries were monitoring the situation.
“We’re not taking any specific action for the time being, but we do have mechanisms in place to protect against spy activity,” he said. He added that he believed “the Chinese government [does] not support these kind of activities.”
A spokesperson for the Chinese Embassy in Phnom Penh, the Cambodian capital, characterized FireEye’s allegations as “mistaken,” saying in a message that spying on foreign governments “is the turf of the U.S.” He did not respond to follow-up questions.
Kem Monovithya, the U.S.-based daughter of Cambodia's jailed opposition leader Kem Sokha, first alerted the cybersecurity firm to the alleged hacking campaign last month after she received suspicious emails purporting to be from an investigator working for a well-known local human rights NGO.
Though she said she was regularly the target of malicious phishing attempts, the personalized and persistent nature of the emails set off alarm bells. “It’s disturbing how targeted it is and how they are following the advocacy work that I’m doing on behalf of the CNRP,” she said.
The accusations come in the wake of high-profile Russian hacking and interference in the 2016 U.S. presidential election and the United Kingdom’s “Brexit” referendum.
Unlike in elections elsewhere, Prime Minister Hun Sen has no real competition in his bid for reelection after his government asked a court to dissolve the CNRP in September, accusing the opposition of conspiring with foreign powers to topple his government, a claim the party rejects.
Malcolm Cook, a senior fellow at the Institute of Southeast Asian Studies in Singapore, said that with upcoming major elections across the region, including Indonesia’s presidential vote next year, it would not be surprising if other governments found themselves under foreign cybersurveillance.
“There’s a lot of international concern about potential interference through cyberactivity in elections,” he said. “This report certainly suggests that Southeast Asia is far from immune.”