Cyber Incident Victim: Cambodian People's Party
Date:
Jun 2018
Location:
Cambodia
Summary
A Cambodian rights group's website was hacked and replaced with a false maintenance message, coinciding with a reported cyber espionage campaign by the China-linked group TEMP.Periscope targeting stakeholders ahead of national elections. The operation compromised government agencies, the election committee, opposition members, and NGOs, with data stolen from both the ruling Cambodian People’s Party and the dissolved opposition party. Cybersecurity analysts attributed the activity to Chinese state interests seeking political intelligence amid regional uncertainties, though China denied involvement. The incident occurred during heightened political tensions following the opposition's dissolution and a crackdown on civil society, raising concerns about election integrity and foreign interference.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In mid-2018, a cyber espionage campaign targeted Cambodian political entities and civil society organizations ahead of the July 29 general election. U.S. cybersecurity firm FireEye reported in July 2018 that the hacking group TEMP.Periscope—assessed with high confidence to be operating on behalf of the Chinese state—had compromised systems belonging to Cambodia’s National Election Committee (NEC), multiple government ministries (including Foreign Affairs, Economics and Finance, and Interior), opposition figures, and NGOs. The activity was first detected in June 2018 when Kem Monovithya, U.S.-based daughter of arrested opposition leader Kem Sokha, received repeated suspicious emails impersonating a Cambodian rights investigator. FireEye’s analysis indicated data theft from both the dissolved Cambodia National Rescue Party (CNRP) and the ruling Cambodian People’s Party (CPP), characterizing the operation as espionage to gather political intelligence. The firm suggested China sought insights into Cambodia’s electoral landscape following Malaysia’s unexpected opposition victory in May 2018, which had disrupted Beijing’s regional interests.
On July 19, 2018, Cambodian rights group Adhoc confirmed its website (adhoccambodia.org) was hacked and replaced with a false maintenance message attributed to a hacker using the alias "Turksiberkarargh." Adhoc publicly disavowed any content posted after the breach and expressed concern over the attack’s timing amid pre-election repression. FireEye linked this incident to TEMP.Periscope’s broader campaign, which also targeted fellow NGO Licadho. The NEC acknowledged its website had been hacked but downplayed impacts, with spokesman Hang Puthea doubting election-related secrets were compromised. Cambodian government spokesman Phay Siphan denied awareness of state agency breaches but condemned cyberattacks generally. China’s Foreign Ministry rejected allegations of involvement. The attacks occurred against a backdrop of heightened political tensions, including the November 2017 dissolution of the CNRP, a crackdown on independent media, and measures seen as ensuring CPP dominance in the imminent election. Stolen data from both ruling and opposition parties raised concerns about potential secondary uses beyond intelligence gathering, though no evidence of disruptive interference emerged.