In the run-up to Cambodia’s general election on July 29, a hacking group tied to China has been breaking into multiple organizations that share a connection to either the country’s main opposition party, voting process or human rights movement, according to new research and additional analysis provided by U.S. cybersecurity firm FireEye. The findings — made possible through a glaring operational security mistake where hackers left their attack servers exposed on the open internet — help illustrate how governments are leaning on cyber-espionage capabilities to learn about foreign elections. FireEye collected this intelligence by directly accessing the attack servers, which weren’t protected with a password. The firm was able to identify breaches through established lines of communication that existed between the servers and victims.
The hacking group in question, known as “TEMP.Periscope,” has been tied multiple times to Chinese-linked cyber-operations that used a suite of unique tools to breach multiple U.S. defense contractors, universities and maritime technology development firms.
According to FireEye, the impacted Cambodian organizations include the National Election Commission; members of parliament representing the National Rescue Party (CNRP), a Cambodian political party; high-profile Cambodians who've publicly advocated for human rights; and at least two unnamed Cambodian media entities.