
China-based hackers take an interest in Cambodia's elections



Group named 'TEMP.Periscope' releasing RATs says FireEye

By Richard Chirgwin 11 Jul 2018 

A US-based security vendor has accused China of interfering in Cambodia's forthcoming national election.

Security vendor FireEye says it has spotted a large-scale Chinese phishing, intrusion, remote access trojan (RAT), and data exfiltration operation targeting the poll.


FireEye attributed the activity to a group dubbed “TEMP.Periscope”, previously more closely associated with targeting American engineering and maritime operations.


The FireEye post says TEMP.Periscope footprints were found on a number of election-related entities in Cambodia: the National Election Commission and several ministries; an MP for the Cambodia National Rescue Party; human rights advocates; two Cambodian diplomats in overseas posts; and multiple media outlets.

Its analysis was based on three servers it ran over with the fingerprint brush: “chemscalere[.]com and scsnewstoday[.]com operate as typical C2 servers and hosting sites, while the third, mlcdailynews[.]com, functions as an active SCANBOX server.”

SCANBOX is a browser-based reconnaissance framework, planted on compromised or attacker-controlled web pages to profile visitors, that FireEye has seen in various campaigns since 2015.

The company believes the servers were administered from Hainan in China, and they hosted malware from two new families, DADBOD and EVILTECH, as well as “previously identified malware families (AIRBREAK, EVILTECH, HOMEFRY, MURKYTOP, HTRAN, and SCANBOX)”.

The linchpin of this campaign was the JavaScript-based AIRBREAK backdoor, which “retrieves commands from hidden strings in compromised webpages and actor controlled profiles on legitimate services”.

The other most active tools were the HOMEFRY password cracker and dumper; the LUNCHMONEY uploader, which sends docs to Dropbox; and a command line reconnaissance tool called MURKYTOP.

FireEye says it had seen these in previous campaigns, and it also spotted two new tools in the Cambodian operation: a backdoor called EVILTECH, a JavaScript-based RAT, and the DADBOD credential stealer.

Attribution to China came from IP addresses logged on a server available to the company: “One of the IP addresses, 112.66.188.28, is located in Hainan, China. Other addresses belong to virtual private servers, but artifacts indicate that the computers used to log in all cases are configured with Chinese language settings.”
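As an added example (not FireEye's or The Register's code), the following Python takes the indicators quoted above, the three defanged domains and the Hainan IP address, and checks them against proxy and DNS log lines. Only the indicators come from the article; the log lines, the regular expressions and the function names are assumptions constructed for illustration. It matches subdomains of a listed domain but not unrelated names that merely end in the same characters, which is the mistake a naive substring search makes.

```python
"""Match the article's TEMP.Periscope indicators against log lines.

Added example, not code from FireEye or The Register. The indicators are the
ones quoted in the article; everything else here is constructed.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Indicators as published, defanged with [.] so they cannot be clicked or resolved.
DEFANGED_IOCS = [
    "chemscalere[.]com",
    "scsnewstoday[.]com",
    "mlcdailynews[.]com",
    "112[.]66[.]188[.]28",
]

# Constructed sample log lines: squid-style proxy entries and BIND-style query logs.
SAMPLE_LOGS = [
    "1531310000.123 10.0.0.5 TCP_MISS/200 GET http://update.chemscalere.com/js/main.js",
    "1531310001.456 10.0.0.7 TCP_MISS/200 GET https://www.example.org/index.html",
    "Jul 11 10:00:02 resolver named[1234]: client 10.0.0.9 query: mlcdailynews.com IN A",
    "Jul 11 10:00:03 resolver named[1234]: client 10.0.0.9 query: notmlcdailynews.com IN A",
    "1531310004.789 10.0.0.11 TCP_TUNNEL/200 CONNECT 112.66.188.28:443",
]

# Hostname and dotted-quad candidates inside free-form log text (assumed formats).
HOST_RE = re.compile(r"(?i)\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def refang(indicator: str) -> str:
    """Turn 'example[.]com' / 'hxxp://' back into a machine-comparable value."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower()


@dataclass
class IocSet:
    domains: set = field(default_factory=set)
    ips: set = field(default_factory=set)

    @classmethod
    def from_defanged(cls, items):
        """Split a mixed list of defanged indicators into domains and IP addresses."""
        s = cls()
        for raw in items:
            value = refang(raw)
            try:
                s.ips.add(ipaddress.ip_address(value))
            except ValueError:
                s.domains.add(value)
        return s

    def domain_hit(self, host: str):
        """Return the listed domain that host equals or is a subdomain of, else None."""
        host = host.lower().rstrip(".")
        for d in self.domains:
            if host == d or host.endswith("." + d):
                return d
        return None


def scan(lines, iocs):
    """Return (line_index, kind, observed_value, matched_indicator) for every hit."""
    hits = []
    for i, line in enumerate(lines):
        seen = set()
        for host in HOST_RE.findall(line):
            d = iocs.domain_hit(host)
            if d and ("domain", d) not in seen:
                seen.add(("domain", d))
                hits.append((i, "domain", host, d))
        for ip_text in IP_RE.findall(line):
            try:
                ip = ipaddress.ip_address(ip_text)
            except ValueError:
                continue  # e.g. an octet above 255, not a real address
            if ip in iocs.ips and ("ip", ip_text) not in seen:
                seen.add(("ip", ip_text))
                hits.append((i, "ip", ip_text, str(ip)))
    return hits


IOCS = IocSet.from_defanged(DEFANGED_IOCS)

if __name__ == "__main__":
    for line_no, kind, observed, indicator in scan(SAMPLE_LOGS, IOCS):
        print(f"line {line_no}: {kind} {observed} -> {indicator}")
```

Exact or suffix matching on the registered domain is deliberate: the C2 hosts in the article could front any subdomain, but a lookalike such as notmlcdailynews.com is a different registration and should not fire on the same rule.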


The SCANBOX server suggested TEMP.Periscope was also planning future campaigns targeting individuals with an interest in US-East Asia politics, Russia, and NATO affairs.

Cambodia appears to be heading for likely single-party rule, as the main opposition party has been banned and cannot run candidates in the July 29th poll. The current regime has supported Beijing in its maritime disputes in the South China Sea, annoying neighbours by doing so. Just why China would want to meddle in the nation's elections given the all-but-certain outcome is anyone's guess. "To show it can" may be as good an answer as any! ®

https://www.theregister.co.uk/2018/07/11/china_cambodia_hacking/
