Cambodian Rights Group Hacked Amid Concerns Over China-Linked Cyber Espionage Group

cambodia-adhoc-website-hack-july-2018-crop.jpg A screenshot shows Adhoc's website on July 19, 2018.

A local rights group in Cambodia said Thursday that it had fallen victim to a hacking attack a week after a U.S. cybersecurity firm announced that an espionage group believed linked to China’s government had targeted a number of stakeholders in a hacking operation ahead of an election later this month.

Rights group Adhoc said in a statement that its website,, had been shut down by a hacker and replaced with a message which reads, “Sorry, we’re doing some work on the site.”

“Adhoc is saddened and concerned after a hacker known as ‘Turksiberkarargh’ blocked information posted on our website,” the NGO said.

“Adhoc would like to make clear to the public that we are not responsible for any articles or content that contradict our views or our mission from [Thursday] going forward.”

The website remained blocked at the time of publishing.

The attack on Adhoc comes a week after U.S. cybersecurity firm FireEye said in a report that the espionage group known as TEMP.Periscope had launched cyberattacks on the computers of Cambodia’s top electoral body—the National Election Committee (NEC)—various government agencies, opposition members, and NGOs in the lead up to the country’s July 29 general election.

The report found that the ministries of foreign affairs, economics and finance, and interior were among those compromised in the attack, and marked the first time a Chinese entity had been accused of targeting Cambodia’s government.

On Thursday, FireEye’s senior manager for Cyber Espionage Analysis, Benjamin Read, told RFA’s Khmer Service that his firm had been tracking TEMP.Periscope for five years, and while he was unsure of whether they are a part of the army or the government, “we’re highly confident that they’re working on behalf of the Chinese state.”

“There’s a possibility that China was simply gathering this information to better understand the climate in Cambodia,” he said, noting that data had been stolen from both the now-dissolved opposition Cambodia National Rescue Party (CNRP) and Prime Minister Hun Sen’s ruling Cambodian People’s Party (CPP).

“That’s a pretty straightforward espionage mission—to collect that information,” he said.

“However, that broad-based collection ahead of an election like this does raise the possibility that they would do something else with that data.”

Read said that Cambodia has long been an ally of China, representing Beijing’s interests at regional fora, such as the Association of Southeast Asian Nations (ASEAN).

“So coming off the heels of a surprise result in the Malaysian elections a couple of months ago, it would be highly important to China to understand what was going to happen in the upcoming Cambodian elections,” he said.

In May, an election upset in Malaysia saw the opposition assume power after voters rejected a ruling party that had governed the country since its independence, and FireEye has suggested that China could be seeking to influence the elections of friendly nations to avoid such political shocks.

China’s Foreign Ministry has rejected claims that it was behind the hacking attacks in Cambodia.

Political climate

Cambodia’s Supreme Court dissolved the CNRP in November over allegations it was involved in a plot to topple the government, stripping the party’s officials of their posts and banning many lawmakers from politics for five years. The CNRP’s seats in parliament were distributed to government-friendly parties that had been rejected by voters.

The dissolution of the CNRP and the arrest of its president Kem Sokha, as well as a months-long crackdown on NGOs and the independent media, are measures widely seen as part of a bid by Hun Sen to ensure that the CPP stays in power in Cambodia following the July 29 general election. Hun Sen marks 33 years in office this year.

Last week, in reaction to FireEye’s report, NEC spokesman Hang Puthea confirmed that the committee’s website had been hacked, but said he “doubted” that the hackers had sought to “obtain secret information” pertaining to the upcoming election.

Cambodia’s Council of Ministers spokesman Phay Siphan said he was unaware of any state institution websites having been hacked in the TEMP.Periscope campaign, but condemned any would-be cyberattacks.

NGOs had also expressed concern over the report, noting that rights group Licadho had been targeted in the campaign, and wondering if they could be next.

FireEye was first alerted to the alleged hacking attack in June by Kem Sokha’s U.S.-based daughter, Kem Monovithya, after she repeatedly received suspicious emails purportedly sent by an investigator from a Cambodian rights group.

Reported by RFA’s Khmer Service. Translated by Samean Yun. Written in English by Joshua Lipes.


Add your comment by filling out the form below in plain text. Comments are approved by a moderator and can be edited in accordance with RFAs Terms of Use. Comments will not appear in real time. RFA is not responsible for the content of the postings. Please, be respectful of others' point of view and stick to the facts.