Researchers at FireEye found evidence that a Chinese hacker group known as TEMP.Periscope spied on both sides of the Cambodian election, according to a new report.

What they're saying: Benjamin Read, FireEye senior manager for cyber espionage analysis, said in a statement: "China is heavily surveilling all parts of the upcoming Cambodian elections. We have not seen any evidence of activity beyond intelligence collection, but Cambodia is a key ally, so any change in ruling party would be of interest to China."

The details: TEMP.Periscope was previously only known for espionage on maritime targets. The election targets show a new interest in geopolitics.

  • The attack leveraged Airbreak, Homefry, Murkytop, HTran, and Scanbox malware already attributed to the group, as well as two new families of malware: a backdoor FireEye dubbed Eviltech and a credential harvesting program it dubbed Dadbod.
  • Airbreak malware, which is used to install other malware programs, was affixed to lure documents related to Cambodian politics.

Targets of the attack include:

    • The National Election Commission, Ministry of the Interior, Ministry of Foreign Affairs and International Cooperation, Cambodian Senate, Ministry of Economics and Finance.
    • A Member of Parliament representing the ruling Cambodia National Rescue Party.
    • Multiple human rights advocates in opposition to the ruling party.
    • Two Cambodian diplomats serving overseas.
    • Multiple Cambodian media outlets.
    • Monovithya Kem, deputy director-general of public affairs of the Cambodia National Rescue Party.
    • The daughter of imprisoned Cambodian opposition party leader Kem Sokha.

The attack gave FireEye, which monitored a control server from the attack, new evidence that TEMP.Periscope is a Chinese group.

  • While the attackers usually used location-hiding anonymity measures, the one connection that didn't was located in Hainan, China.
  • Computers that connected to the server had Chinese language settings.
