China-linked espionage group, Rancor, reportedly trying to hack the Cambodian government

Post by CEOCambodiaNews »

This China-linked espionage group keeps trying to hack the Cambodian government
Written by Sean Lyngaas
Dec 17, 2019 | CYBERSCOOP

There is no shortage of malware that government-backed hackers can get from the public domain, saving them the trouble of developing their own code. But to meet their intelligence-gathering needs, plenty of groups still roll up their sleeves and build their own kits.

A Chinese espionage outfit known as Rancor has been particularly active on that front. New findings from Palo Alto Networks’ Unit 42 research unit, shared exclusively with CyberScoop, show how, over the past year, the group has tried to break into the network of an unnamed Cambodian government organization and deploy their custom malware.

First, the group laced a Microsoft Excel document with previously undocumented malware in an attempted breach of the Cambodian organization in December 2018 and January 2019, Unit 42 said. When that didn’t work, Rancor packed a computer script with a bunch of potentially infectious code, Unit 42 researchers discovered in July.

The research shows the lengths to which well-resourced groups will go to develop their own hacking tools. Since Rancor’s emergence in 2017, “the only tools we’ve seen them use are all custom” — either unique to Rancor or to a small cluster of Chinese espionage groups, said Jen Miller-Osborn, Unit 42’s deputy director of threat intelligence.

“They have whatever their target list is and, if they aren’t currently in them, they have spent the entire year trying to ensure that they have access to these organizations,” Miller-Osborn told CyberScoop.

The prolific malware development is consistent with a group that is dead-set on getting into their target networks. But ironically, Unit 42 said, none of the attacks on the Cambodian government organization appear to have been successful; the target has blocked the malware at each turn.

Miller-Osborn declined to name the Cambodian government organization, but did say it “is exactly who you would expect an espionage-based group to target.” And given Rancor’s persistence to date, she expects the group to continue to try to breach the Cambodian organization.

Other researchers have taken note of Rancor’s activity in Southeast Asia, which has also included hacking attempts in Singapore. In October, cybersecurity company Check Point said that the group had targeted five unnamed government agencies in the region.

The Chinese government has looked to project its military and economic power throughout Southeast Asia, often clashing with U.S. interests. In Cambodia, the Chinese military has reportedly struck an agreement to use a naval base, while Chinese companies have invested billions of dollars in the country.

With those interests at stake, any number of Cambodian government organizations could make an attractive target for Chinese hackers. Ahead of the July 2018 general election in Cambodia, China-linked hackers breached the networks of the opposition political party.

“It’s not surprising that China is covering all of its bases and wanting to understand what’s happening inside Cambodia, inside government ministries [there],” said Brian Harding, deputy director of the Southeast Asia Program at the Center for Strategic and International Studies.
https://www.cyberscoop.com/rancor-group ... -networks/

Post by willyhilly »

I had a spook in my cab who told me that the worst offenders trying to hack the Australian military are the Chinese and the Singaporeans.

Post by explorer »

Years ago I got malware on my computer. So I started saving details of where everything unsolicited was coming from. More came from China than anywhere else. This was while I was in Australia. There is a lot of secretive stuff going on with the Chinese.

A small amount came from Cambodia, which suggests some computers in Cambodia already had malware on them.

Post by Anthony's Weiner »

willyhilly wrote: Wed Dec 18, 2019 2:36 pm I had a spook in my cab who told me that the worst offenders trying to hack the Australian military are the Chinese and the Singaporeans.
Brother they are trying to become your government.

Melbourne car dealer Nick Zhao may or may not have been approached by Chinese state operatives offering $1 million for the Liberal Party member to run for parliament. He’s dead and a coronial inquiry is underway. The new head of the Australian Security Intelligence Organisation, Mike Burgess, has said that ‘Australians can be reassured that ASIO was previously aware of matters that have been reported today, and has been actively investigating them.’ That’s good, if sobering, news because it tells us the allegations published in The Age and Sydney Morning Herald and aired on 60 Minutes are credible.

And apparent defector Wang Liqiang may or may not be an intelligence operative who worked for the Chinese Communist Party to compromise and disrupt pro-democracy students and groups in Hong Kong and who ran similar activities to disrupt Taiwan’s democracy. Wang has also reportedly said spies from Beijing were ‘operating with impunity in Australia’...
https://www.aspistrategist.org.au/chine ... g-picture/