Supporters of GDP seen on a vehicle. Photo: Enric Catala Contreras/SOPA Images/LightRocket via Getty Images
Researchers at FireEye found evidence that a Chinese hacker group known as TEMP.Periscope spied on both sides of the Cambodian election, according to a new report.
What they're saying: Benjamin Read, FireEye senior manager for cyber espionage analysis, said in a statement: "China is heavily surveilling all parts of the upcoming Cambodian elections. We have not seen any evidence of activity beyond intelligence collection, but Cambodia is a key ally, so any change in ruling party would be of interest to China."
The details: TEMP.Periscope was previously only known for espionage on maritime targets. The election targets show a new interest in geopolitics.
- The attack leveraged Airbreak, Homefry, Murkytop, HTran, and Scanbox malware already attributed to the group, as well as two new families of malware: a backdoor FireEye dubbed Eviltech and a credential harvesting program it dubbed Dadbod.
- Airbreak malware, which is used to install other malware programs, was affixed to lure documents related to Cambodian politics.
Targets of the attack include:
- The National Election Commission, Ministry of the Interior, Ministry of Foreign Affairs and International Cooperation, Cambodian Senate, Ministry of Economics and Finance.
- A Member of Parliament representing the ruling Cambodia National Rescue Party.
- Multiple human rights advocates in opposition to the ruling party.
- Two Cambodian diplomats serving overseas.
- Multiple Cambodian media outlets.
- Monovithya Kem, deputy director-general of public affairs of the Cambodia National Rescue Party.
- The daughter of imprisoned Cambodian opposition party leader Kem Sokha.
The attack gave FireEye, which monitored a command-and-control server used in the campaign, new evidence that TEMP.Periscope is a Chinese group.
- The attackers usually connected through location-hiding anonymity measures; the one connection that did not came from Hainan, China.
- Computers that connected to the server had Chinese language settings.