November 13, 2023 at 01:06AM
Chinese hacking groups have been found targeting 24 Cambodian government organizations in a long-term espionage campaign. The activity is believed to align with China's geopolitical goals, including the use of its strong relations with Cambodia to expand naval operations in the region. The groups have been using fake cloud backup and storage services to hide their activity. There has been a shift in Chinese cyber espionage tactics, with a focus on exploiting known and zero-day vulnerabilities in public-facing email servers and network appliances.
Key takeaways:
1. Chinese nation-state hacking groups have been conducting malicious cyber activity targeting 24 Cambodian government organizations as part of a long-term espionage campaign.
2. The Chinese government is leveraging its strong relations with Cambodia to expand its naval operations in the region.
3. The targeted organizations include defense, election oversight, human rights, national treasury and finance, commerce, politics, natural resources, and telecommunications.
4. The attackers are using cloud backup and storage services as a disguise for their adversarial infrastructure.
5. The threat actor’s activity has been predominantly observed during regular business hours in China, with a drop in activity during the Golden Week national holidays.
6. Various Chinese-nexus hacking groups have been conducting espionage campaigns across Asia.
7. A recent intrusion set codenamed REF5961 targeted the Association of Southeast Asian Nations (ASEAN) countries using custom backdoors.
8. China’s cyber espionage activity has become more mature and coordinated, focusing on exploiting known and zero-day vulnerabilities in public-facing email servers, security, and network appliances.
9. Chinese state-sponsored cyber operations have shifted from broad intellectual property theft to a more targeted approach supporting strategic, economic, and geopolitical goals.
10. Chinese state-sponsored groups have exploited multiple zero-day vulnerabilities since the beginning of 2021.
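Takeaway 5 rests on a common attribution technique: converting observed event timestamps into the suspected operator's local time zone and checking how much of the activity falls inside that region's working hours and outside its public holidays. The following Python is an added example of that analysis (it is not code from the original report or from any of the groups or vendors it describes). The log lines, host name, source address and the holiday window are all constructed for the example; China Standard Time is a fixed UTC+8 offset, so no tz database is needed.

```python
"""Working-hours profiling of beacon timestamps, as an analyst's attribution aid."""
from collections import Counter
from datetime import datetime, date, timezone, timedelta

# China Standard Time is UTC+8 year-round (no DST), so a fixed offset suffices.
CST = timezone(timedelta(hours=8), name="CST")
BUSINESS_HOURS = range(9, 18)  # 09:00-17:59 local, Monday to Friday
# Assumed Golden Week holiday window for this example (constructed, not from the report).
GOLDEN_WEEK = (date(2023, 9, 29), date(2023, 10, 6))

# Constructed sample log lines: "<UTC ISO timestamp> <src> -> <dst host>".
# The destination is a made-up name standing in for a look-alike "backup" service.
SAMPLE_LOG = """\
2023-09-25T01:05:00Z 10.20.30.4 -> sync.cloud-backup.example
2023-09-25T03:40:00Z 10.20.30.4 -> sync.cloud-backup.example
2023-09-26T02:15:00Z 10.20.30.4 -> sync.cloud-backup.example
2023-09-26T08:50:00Z 10.20.30.4 -> sync.cloud-backup.example
2023-09-27T06:00:00Z 10.20.30.4 -> sync.cloud-backup.example
2023-09-27T18:10:00Z 10.20.30.4 -> sync.cloud-backup.example
2023-09-28T00:30:00Z 10.20.30.4 -> sync.cloud-backup.example
2023-10-02T04:00:00Z 10.20.30.4 -> sync.cloud-backup.example
2023-10-09T01:20:00Z 10.20.30.4 -> sync.cloud-backup.example
2023-10-10T07:45:00Z 10.20.30.4 -> sync.cloud-backup.example
"""


def parse_events(log_text):
    """Parse the constructed log format into (aware UTC datetime, destination host) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _src, _arrow, dst = line.split()
        utc = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((utc, dst))
    return events


def to_local(utc_dt):
    """Shift an aware UTC datetime into the suspected operator's local time (CST)."""
    return utc_dt.astimezone(CST)


def in_golden_week(utc_dt):
    """True if the event falls on a date inside the assumed holiday window (local time)."""
    return GOLDEN_WEEK[0] <= to_local(utc_dt).date() <= GOLDEN_WEEK[1]


def is_business_hours(utc_dt):
    """True only for weekday events inside BUSINESS_HOURS and outside the holiday window."""
    local = to_local(utc_dt)
    if local.weekday() >= 5:  # Saturday or Sunday
        return False
    if in_golden_week(utc_dt):
        return False
    return local.hour in BUSINESS_HOURS


def hour_histogram(events):
    """Count events per local hour of day; a working-hours pattern shows as a daytime cluster."""
    return Counter(to_local(utc).hour for utc, _ in events)


def profile(events):
    """Summarise how much of the activity fits a CST working-hours pattern."""
    total = len(events)
    business = sum(1 for utc, _ in events if is_business_hours(utc))
    holiday = sum(1 for utc, _ in events if in_golden_week(utc))
    return {
        "total": total,
        "business_hours": business,
        "business_ratio": business / total if total else 0.0,
        "golden_week": holiday,
        "histogram": hour_histogram(events),
    }


if __name__ == "__main__":
    result = profile(parse_events(SAMPLE_LOG))
    print(f"{result['business_hours']}/{result['total']} events in CST business hours "
          f"({result['business_ratio']:.0%}); {result['golden_week']} during Golden Week")
    for hour in sorted(result["histogram"]):
        print(f"  {hour:02d}:00 CST  {'#' * result['histogram'][hour]}")
```

A timing profile on its own is weak evidence (operators can work shifts, and tooling can be scheduled), so treat the ratio as one indicator to combine with infrastructure and tooling overlaps rather than as attribution by itself.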
Please note that these takeaways are a summary and should not be considered exhaustive.