Chinese spies ‘target Cambodian election committee’



US cybersecurity group says espionage network is targeting Phnom Penh ahead of polls

Chinese spies 'target Cambodian election committee'

Supporters hug Hun Sen, prime minister and leader of the Cambodian People’s Party, during a general election campaign in Phnom Penh on July 7. The strongman has hailed a successful crackdown on the opposition’s “color revolution” that wanted to unseat him. (Photo by Tang Chhin Sothy/AFP)

A highly sophisticated digital spying network linked to China has stepped up operations targeting the opposition and government institutions such as the National Election Committee (NEC) in Cambodia ahead of polls due at the end of this month, a report claims. U.S.-based cybersecurity firm FireEye said a Chinese espionage network, known as TEMP.Periscope, was likely moving to protect Beijing’s investment and strategic interests after it was stung by the shock result of the Malaysian election two months ago. “Cambodia has served as a reliable supporter of China’s South China Sea position in international forums such as ASEAN and is an important partner,” FireEye analyst and one of the report’s authors, Ben Read, said on July 11. While Cambodia is rated as “authoritarian” by The Economist magazine’s Democracy Index, the recent surprise upset of the ruling party in Malaysia may motivate China to closely monitor Cambodia’s July 29 elections, he added. The Malaysian election was won by Mahathir Mohamad, who has since said he would review Chinese investments and assert his country’s maritime claims in the South China Sea after accusations his predecessor Najib Razak had gone soft on both issues. Publicly, China has backed Prime Minister Hun Sen ahead of the Cambodian poll, while Western countries and human rights groups remain bitterly upset by a ban on the main opposition party from contesting the ballot and a crackdown on independent media. Cambodian National Rescue Party (CNRP) politicians have fled overseas and religious groups, including Buddhists, Christians and Muslims, have been warned to vote for Hun Sen’s Cambodian Peoples Party or run the risk of civil war. Hun Sen has sought to justify the crackdown, arguing the CNRP and foreign interests, a euphemism for the United States, were fomenting a so-called color revolution. The FireEye report is the first to state that China is also targeting the Cambodian government. It said data collected by cybersecurity experts had traced TEMP.Periscope to Hainan in southern China, where malware was used in attempts to hack into computer networks, trawling for sensitive information. Analysis indicated that Cambodian government organizations and individuals were compromised. These included the NEC, ministries for the interior, foreign affairs and economics, and the Cambodian Senate. The report also said that two Cambodian diplomats serving abroad, a member of parliament from the now banned CNRP, human rights and pro-democracy activists critical of the government, as well as media outlets, were targeted. “We expect this activity to provide the Chinese government with widespread visibility into the Cambodian elections and government operations,” it said. Perhaps the most prominent individual targeted was Monovithya Kem, the CNRP deputy director general of public affairs and daughter of Cambodian opposition leader Kem Sokha, who is currently in jail on charges of treason. Read told that stories from international and Cambodian online media — independent and pro-government — were infected with malware and used as bait to gain access to computer systems. They included Fresh News, The Phnom Penh Post, Reuters and Asia Times. The Khmer Times was the most cited.

Read added that TEMP.Periscope had been active on an international level at least since 2013 and had previously targeted private companies and governments in Asia, Europe and North America. “The targeting of the election commission is particularly significant given the critical role it plays in facilitating voting,” the report said. “There is not yet enough information to determine why the organization was compromised — simply gathering intelligence or as part of a more complex operation. “Regardless, this incident is the most recent example of aggressive nation-state collection on election processes worldwide.” Though election-related activity had only been uncovered in Southeast Asia, it would be a mistake to assume these threats are not relevant elsewhere, the report concluded.