Cyber security analysts accuse China of attacking Cambodian government infrastructure as part of "a long-term espionage campaign" - Feddit
Unit 42, a cyber risk intelligence firm, has identified malicious Chinese APT
infrastructure masquerading as cloud backup services. According to a report, the
detected activity “is believed to be part of a long-term espionage campaign”.

Monitoring telemetry associated with two prominent Chinese APT groups, the
experts observed network connections predominately originating from the country
of Cambodia, including inbound connections originating from at least 24
Cambodian government organizations. There is “high confidence that these
Cambodian government entities were targeted and remain compromised by Chinese
APT actors,” Unit 42 writes in the report, adding that this assessment is due to
the malicious nature and ownership of the infrastructure combined with
persistent connections over a period of several months.

Cambodia and China
maintain strong diplomatic and economic ties. Since Cambodia signed on to
China’s Belt and Road Initiative (BRI) in 2013, the relationship between these
two countries has grown steadily. In recent years, China’s most notable
investment has been a project to modernize Cambodia’s Ream Naval Base. This
project generated controversy and drew scrutiny from several Western nations due
to initial attempts by both countries to conceal the project. As the project
nears completion this year, the naval base is on track to become China’s first
overseas outpost in Southeast Asia. As such, this project demonstrates how
significant Cambodia is to China’s ambitions of projecting power and expanding
naval operations in the region.

Affected government agencies include the
National Defense, Election Oversight, Human Rights, National Treasury, Finance,
Commerce, Politics, Natural Resources and Telecommunications, while these
organizations hold vast amounts of sensitive financial data, citizen information
and classified government documents.

“The observed activity aligns with
geopolitical goals of the Chinese government as it seeks to leverage their
strong relations with Cambodia to project their power and expand their naval
operations in the region,” the cyber experts conclude. They encourage all
affected organizations to leverage their findings to inform the deployment of
protective measures to defend against this activity, which are also listed in
the report.

Cross-posted from: https://feddit.de/post/5457255
Original link: https://unit42.paloaltonetworks.com/chinese-apt-linked-to-cambodia-government-attacks/
[Edit typo.]
It is now 😅