Cyber Incident Victim: National Election Committee
Date:
Jun 2018
Location:
Cambodia
Summary
A cyber espionage group linked to China, identified as TEMP.Periscope, targeted Cambodia's National Election Committee alongside government ministries, opposition figures, and NGOs ahead of national elections. The attackers compromised websites and stole data, including information from both the ruling party and dissolved opposition entities. A local rights group's website was defaced with a false maintenance message during this campaign. Cybersecurity analysts assessed the operation as state-sponsored espionage aimed at gathering political intelligence, though the stolen data's potential misuse remained unclear. Chinese authorities denied involvement, while Cambodian officials downplayed the severity of the breaches despite confirmed website intrusions. The incident occurred amid heightened political tensions following the dissolution of the main opposition party.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In June 2018, U.S. cybersecurity firm FireEye was alerted to suspicious emails targeting Cambodian political entities by Kem Monovithya, the U.S.-based daughter of detained opposition leader Kem Sokha. FireEye’s subsequent investigation revealed a cyber espionage campaign by the group TEMP.Periscope targeting Cambodia’s National Election Committee (NEC), multiple government ministries, political parties, and NGOs ahead of the July 29 general election. The campaign, active since at least June, compromised the ministries of foreign affairs, economics and finance, and interior, marking the first documented instance of a China-linked group targeting Cambodian government institutions. FireEye reported that data was exfiltrated from both the ruling Cambodian People’s Party (CPP) and the dissolved opposition Cambodia National Rescue Party (CNRP). On July 19, 2018, Cambodian rights group Adhoc announced its website (adhoccambodia.org) had been hacked and defaced with a false maintenance message, attributing the attack to an actor named “Turksiberkarargh.” Adhoc disavowed any content posted after the breach and noted the site remained inaccessible.
FireEye linked TEMP.Periscope’s activities to Chinese state interests, citing the group’s five-year operational history and Cambodia’s strategic importance to China in regional forums like ASEAN. The firm suggested the attacks aimed to gather intelligence on Cambodia’s political climate following Malaysia’s unexpected election upheaval months earlier, though no evidence confirmed intent beyond espionage. NEC spokesman Hang Puthea acknowledged the committee’s website was hacked but downplayed risks of election data compromise. Cambodia’s Council of Ministers spokesman Phay Siphan denied awareness of state institution breaches but condemned cyberattacks. NGOs expressed alarm, noting rights group Licadho was also targeted. China’s Foreign Ministry denied involvement. The incident occurred amid heightened political tensions, including the CNRP’s 2017 dissolution, Kem Sokha’s arrest, and a crackdown on independent media—measures seen as consolidating Prime Minister Hun Sen’s power ahead of the election.