At least 24 Cambodian government organizations have been compromised by two high-profile Chinese state-sponsored advanced persistent threat groups as part of a cyberespionage operation, reports The Record, a news site by cybersecurity firm Recorded Future.
Attackers used numerous subdomains masquerading as cloud backup services to stealthily exfiltrate data from the networks of Cambodia's commerce, finance, national defense, human rights, telecommunications, natural resources, and election oversight agencies, according to a report from Palo Alto Networks Unit 42.
Researchers attributed the campaign to Chinese threat actors based on the infrastructure and activity patterns, with the hackers pausing data compromise efforts during China's Golden Week.
Such a campaign "aligns with geopolitical goals of the Chinese government as it seeks to leverage their strong relations with Cambodia to project their power and expand their naval operations in the region," said researchers. Cambodia has yet to comment on the findings.