
China-based hackers take an interest in Cambodia's elections



Group named 'TEMP.Periscope' releasing RATs says FireEye

By Richard Chirgwin 11 Jul 2018 

A US-based security researcher has accused China of interfering in Cambodia's forthcoming national election.

Security vendor FireEye says it has spotted a large-scale Chinese phishing, intrusion, remote access trojan (RAT), and data exfiltration operation targeting the poll.


FireEye attributed the activity to a group dubbed “TEMP.Periscope”, previously more closely associated with targeting American engineering and maritime operations.


The FireEye post says TEMP.Periscope footprints were found on a number of election-related entities in Cambodia: various ministries including the National Election Commission; an MP for the Cambodia National Rescue Party; human rights advocates; two Cambodian diplomats in overseas posts; and multiple media outlets.

Its analysis was based on three servers it ran over with the fingerprint brush: “chemscalere[.]com and scsnewstoday[.]com operate as typical C2 servers and hosting sites, while the third, mlcdailynews[.]com, functions as an active SCANBOX server.”

SCANBOX is an advanced persistent threat that FireEye has seen in various campaigns since 2015.

The company believes the servers were administered from Hainan in China, and they hosted malware from two new families, DADBOD and EVILTECH, as well as “previously identified malware families (AIRBREAK, EVILTECH, HOMEFRY, MURKYTOP, HTRAN, and SCANBOX)”.

The linchpin of this campaign was the JavaScript-based AIRBREAK backdoor, which “retrieves commands from hidden strings in compromised webpages and actor controlled profiles on legitimate services”.

The other most active tools were the HOMEFRY password cracker and dumper; the LUNCHMONEY uploader, which sends docs to Dropbox; and a command line reconnaissance tool called MURKYTOP.

FireEye says it had seen these in previous campaigns, and it also spotted two new tools in the Cambodian operation: a backdoor called EVILTECH, a JavaScript-based RAT, and the DADBOD credential stealer.

Attribution to China came from IP addresses logged on a server available to the company: “One of the IP addresses, 112.66.188.28, is located in Hainan, China. Other addresses belong to virtual private servers, but artifacts indicate that the computers used to log in all cases are configured with Chinese language settings.”
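The article quotes FireEye's indicators in defanged form (the three domains and the Hainan IP address). As an added example, not code from FireEye or The Register, the following refangs those indicators and sweeps them over a few constructed DNS, proxy and SSH log lines, treating subdomains of a listed domain as hits but not unrelated names that merely end in the same string.

```python
import re
from ipaddress import ip_address

# Indicators quoted in the article, exactly as it defangs them.
DEFANGED_IOCS = [
    "chemscalere[.]com",
    "scsnewstoday[.]com",
    "mlcdailynews[.]com",
    "112.66.188.28",
]

# Constructed log lines for this example; hostnames and timestamps are invented.
SAMPLE_LOGS = [
    "2018-07-10T08:12:01Z dns query host=ws-17 qname=www.chemscalere.com type=A",
    "2018-07-10T08:12:04Z proxy host=ws-17 dst=mlcdailynews.com:443 method=GET",
    "2018-07-10T08:13:22Z dns query host=ws-03 qname=updates.example.org type=A",
    "2018-07-10T09:01:45Z sshd host=jump-1 accepted password for admin from 112.66.188.28",
    "2018-07-10T09:02:10Z dns query host=ws-09 qname=notscsnewstoday.com type=A",
]

def refang(indicator: str) -> str:
    """Undo the usual '[.]' and 'hxxp' defanging so the value can be matched."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")

def compile_matchers(defanged):
    """Build one regex per indicator. A domain matches itself and any subdomain,
    bounded so 'notscsnewstoday.com' is not a hit; an IP must match whole."""
    matchers = []
    for raw in defanged:
        value = refang(raw)
        try:
            ip_address(value)
            pattern = r"(?<![\d.])" + re.escape(value) + r"(?![\d.])"
        except ValueError:
            pattern = (r"(?<![A-Za-z0-9-])(?:[A-Za-z0-9-]+\.)*"
                       + re.escape(value) + r"(?![A-Za-z0-9.-])")
        matchers.append((value, re.compile(pattern, re.IGNORECASE)))
    return matchers

def scan_logs(lines, matchers):
    """Return (indicator, log line) pairs for every line that hits an indicator."""
    hits = []
    for line in lines:
        for value, rx in matchers:
            if rx.search(line):
                hits.append((value, line))
    return hits

if __name__ == "__main__":
    for value, line in scan_logs(SAMPLE_LOGS, compile_matchers(DEFANGED_IOCS)):
        print(f"{value}\t{line}")
```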


The SCANBOX server suggested TEMP.Periscope was also planning future campaigns targeting individuals with an interest in US-East Asia politics, Russia, and NATO affairs.

Cambodia appears to be heading for likely single-party rule, as the main opposition party has been banned and cannot run candidates in the July 29th poll. The current regime has supported Beijing in its maritime disputes in the South China Sea, annoying neighbours by doing so. Just why China would want to mess with the nation's elections given the all-but-certain outcome is anyone's guess. "To show it can" may be as good an answer as any! ®

https://www.theregister.co.uk/2018/07/11/china_cambodia_hacking/
