
China-based hackers take an interest in Cambodia's elections



Group named 'TEMP.Periscope' releasing RATs says FireEye

By Richard Chirgwin 11 Jul 2018 

A US-based security researcher has accused China of interfering in Cambodia's forthcoming national election.

Security vendor FireEye says it has spotted a large-scale Chinese phishing, intrusion, remote access trojan (RAT), and data exfiltration operation targeting the poll.


FireEye attributed the activity to a group dubbed “TEMP.Periscope”, previously more closely associated with targeting American engineering and maritime operations.


The FireEye post says TEMP.Periscope footprints were found on a number of election-related entities in Cambodia: various ministries including the National Election Commission; an MP for the Cambodia National Rescue Party; human rights advocates; two Cambodian diplomats in overseas posts; and multiple media outlets.

Its analysis was based on three servers it ran over with the fingerprint brush: “chemscalere[.]com and scsnewstoday[.]com operate as typical C2 servers and hosting sites, while the third, mlcdailynews[.]com, functions as an active SCANBOX server.”

SCANBOX is an advanced persistent threat that FireEye has seen in various campaigns since 2015.

The company believes the servers were administered from Hainan in China, and they hosted malware from two new families, DADBOD and EVILTECH, as well as “previously identified malware families (AIRBREAK, EVILTECH, HOMEFRY, MURKYTOP, HTRAN, and SCANBOX)”.

The lynchpin of this campaign was the JavaScript-based AIRBREAK backdoor, which “retrieves commands from hidden strings in compromised webpages and actor controlled profiles on legitimate services”.

The other most active tools were the HOMEFRY password cracker and dumper; the LUNCHMONEY uploader, which sends docs to Dropbox; and a command line reconnaissance tool called MURKYTOP.

FireEye says it had seen these in previous campaigns, and it also spotted two new tools in the Cambodian operation. There's a backdoor called EVILTECH, a JavaScript-based RAT; and the DADBOD credential stealer.

Attribution to China came from IP addresses logged on a server available to the company: “One of the IP addresses, 112.66.188.28, is located in Hainan, China. Other addresses belong to virtual private servers, but artifacts indicate that the computers used to log in all cases are configured with Chinese language settings.”
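The defanged domains and the IP address quoted above are the kind of indicators a defender would sweep proxy, DNS and firewall logs for. The following is an added example, not code from the article or from FireEye: it refangs the published indicators, then matches them against constructed sample log lines (not real logs), counting subdomains of an indicator domain as hits while ignoring look-alike hosts that merely contain the domain as a prefix.

```python
import ipaddress
import re

# Indicators exactly as published in the article, in defanged form.
DEFANGED_INDICATORS = [
    "chemscalere[.]com",
    "scsnewstoday[.]com",
    "mlcdailynews[.]com",
    "112.66.188.28",
]

HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('example[.]com', 'hxxp://') back into a matchable form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower()


def build_matcher(indicators):
    """Split refanged indicators into a set of domains and a set of IP addresses."""
    domains, ips = set(), set()
    for ind in map(refang, indicators):
        try:
            ips.add(ipaddress.ip_address(ind))
        except ValueError:
            domains.add(ind)
    return domains, ips


def match_line(line: str, domains, ips):
    """Return the indicators hit on one log line; subdomains of an indicator domain count."""
    hits = set()
    for host in HOST_RE.findall(line.lower()):
        for dom in domains:
            if host == dom or host.endswith("." + dom):
                hits.add(dom)
    for ip in IP_RE.findall(line):
        try:
            if ipaddress.ip_address(ip) in ips:
                hits.add(ip)
        except ValueError:  # e.g. 999.1.1.1 is not a valid address
            pass
    return hits


def scan_log(lines, indicators=DEFANGED_INDICATORS):
    """Return (line number, sorted hits) for every line that touches an indicator."""
    domains, ips = build_matcher(indicators)
    results = []
    for number, line in enumerate(lines, 1):
        hits = match_line(line, domains, ips)
        if hits:
            results.append((number, sorted(hits)))
    return results


# Constructed sample log lines (not from the article); line 5 is a look-alike host that must not match.
SAMPLE_LOG = [
    "2018-07-10T08:01:12Z proxy allow 10.0.4.21 GET http://www.chemscalere.com/update.php",
    "2018-07-10T08:01:13Z dns query 10.0.4.21 A www.example.org",
    "2018-07-10T08:02:40Z fw accept 10.0.4.21 -> 112.66.188.28:443",
    "2018-07-10T08:03:05Z dns query 10.0.4.22 A cdn.mlcdailynews.com",
    "2018-07-10T08:03:07Z proxy allow 10.0.4.22 GET http://chemscalere.com.example.net/",
]
```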


The SCANBOX server suggested TEMP.Periscope was also planning future campaigns targeting individuals with an interest in US-East Asia politics, Russia, and NATO affairs.

Cambodia appears to be heading for likely single-party rule, as the main opposition party has been banned and cannot run candidates in the July 29th poll. The current regime has supported Beijing in its maritime disputes in the South China Sea, annoying neighbours by doing so. Just why China would want to mess with the nation's elections given the all-but-certain outcome is anyone's guess. "To show it can" may be as good an answer as any! ®

https://www.theregister.co.uk/2018/07/11/china_cambodia_hacking/
