Cyber Incident Victim: Adhoc
Date:
Jul 2018
Location:
Cambodia
Summary
A Cambodian rights group experienced a website hack resulting in defacement with a false maintenance message, attributed to an actor using the alias 'Turksiberkarargh'. The incident coincided with reported cyber espionage activities by the group TEMP.Periscope, which a U.S. cybersecurity firm assessed was operating on behalf of China and had targeted Cambodia’s electoral body, government ministries, opposition figures, and NGOs ahead of national elections. Data theft impacted both ruling and opposition political parties, with analysts suggesting the operation aimed to gather intelligence potentially to influence electoral outcomes, though Chinese authorities denied involvement. The attack heightened concerns among civil society organizations about being targeted in similar campaigns.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On or around July 10, 2018, Cambodian human rights group Adhoc reported its website (adhoccambodia.org) was compromised by a hacker using the alias "Turksiberkarargh." The attacker replaced the site's content with a message stating, "Sorry, we’re doing some work on the site," effectively shutting down the organization's online presence. Adhoc issued a public statement expressing concern over the breach and explicitly disclaimed responsibility for any content appearing on their domain from July 19 onward. The website remained inaccessible at the time of reporting on July 19. This incident occurred one week after cybersecurity firm FireEye disclosed that advanced persistent threat group TEMP.Periscope—assessed with high confidence to be operating on behalf of the Chinese state—had conducted cyber espionage operations targeting multiple Cambodian entities ahead of the July 29 general election.
FireEye's investigation revealed TEMP.Periscope compromised Cambodia's National Election Committee, multiple government ministries (including Foreign Affairs, Economics and Finance, and Interior), political parties, and NGOs. Data exfiltration affected both the ruling Cambodian People’s Party and the dissolved opposition Cambodia National Rescue Party (CNRP). The campaign, active since at least June 2018, was detected after CNRP leader Kem Sokha’s U.S.-based daughter Kem Monovithya reported suspicious emails impersonating a Cambodian rights investigator. While NEC spokesman Hang Puthea confirmed their website breach, he downplayed risks to election integrity. Cambodian government spokesman Phay Siphan denied awareness of state institution compromises but condemned cyberattacks. China’s Foreign Ministry rejected allegations of involvement. The incident heightened concerns among Cambodian NGOs about operational security, particularly after rights group Licadho was confirmed as another target. This cyber campaign unfolded amid Cambodia’s broader political tensions following the November 2017 dissolution of the CNRP and a government crackdown on independent media and civil society organizations preceding the election.