A recent report from Palo Alto Networks’ Unit 42 reveals that at least 24 Cambodian government organizations are being targeted by two prominent Chinese government hacking groups. Although the report does not explicitly name the APT groups, the researchers assess with high confidence that Chinese APT actors are responsible for the ongoing cyberespionage activity.
The malicious activity involves exploiting cloud backup services, which lets the hackers disguise the unusual amounts of traffic associated with data exfiltration. The compromised organizations include National Defense, Election Oversight, Human Rights, National Treasury, Finance, Commerce, Politics, Natural Resources, and Telecommunications, and the sensitive data they hold makes the compromise a significant risk.
The researchers noted that the campaign appears to be part of a long-term espionage effort, aligning with China’s geopolitical goals in leveraging strong relations with Cambodia. This strategic partnership is crucial for China as it seeks to project power, expand naval operations in the region, and advance its Belt and Road Initiative.
Several pieces of evidence point to the Chinese origin of the hacking groups, including their work schedules aligning with China’s Golden Week. The hackers temporarily ceased their activities from September 29 to October 8, coinciding with China’s national holiday. The campaign resumed its normal pace on October 9.
Cambodia’s close alliance with China, a key player in the Belt and Road Initiative, has made it a target for cyberespionage. The report suggests that the cyber threats align with China’s efforts to maintain influence in the region and expand its military presence.
Despite the longstanding alliance, recent tensions and minor fraying between Cambodia and China have been observed since the leadership transition from Hun Sen to his son, Hun Manet, earlier this year. The close relationship has faced challenges, including China taking a tougher stance against cybercrime groups operating out of Cambodia.
As cyber threats continue to evolve, this latest revelation highlights the need for robust cybersecurity measures and international cooperation to counter state-sponsored cyberespionage activities. The ongoing efforts by Chinese hacking groups underscore the persistent challenges faced by nations in securing sensitive data and critical infrastructure from cyber threats.