At least 24 Cambodian government organizations have been compromised by two high-profile Chinese state-sponsored advanced persistent threat groups as part of a cyberespionage operation, reports The Record, a news site by cybersecurity firm Recorded Future.
Attackers used numerous subdomains purporting to be cloud backup services to stealthily exfiltrate data from the networks of Cambodia's commerce, finance, national defense, human rights, telecommunications, natural resources, and election oversight agencies, according to a report from Palo Alto Networks Unit 42.
Researchers attributed the campaign to Chinese threat actors based on the infrastructure and activity patterns, with the hackers pausing data compromise efforts during China's Golden Week.
Such a campaign "aligns with geopolitical goals of the Chinese government as it seeks to leverage their strong relations with Cambodia to project their power and expand their naval operations in the region," said researchers. Cambodia has yet to comment on the findings.