Hack attack: Vietnamese hackers use Cambodian news website to attack Licadho, Cambodian human rights NGO.
- CEOCambodiaNews
- Expatriate
- Posts: 62322
- Joined: Sun Oct 12, 2014 5:13 am
- Reputation: 4033
- Location: CEO Newsroom in Phnom Penh, Cambodia
Vietnamese hackers trigger software trap after Australian sale of newspaper in Cambodia
15 May 2018
A Vietnamese state-linked hacking group has used a Cambodian newspaper website to attack a local human rights organisation, according to a leading cyber security firm.
The attack started just days after Australian mining magnate Bill Clough sold the newspaper to Malaysian spin doctor Sivakumar Ganapathy, who specialises in "covert PR".
"Since last Tuesday [May 8], computers in our office were targeted by a malicious piece of code when we visited the Phnom Penh Post website," said Naly Pilorge, director of Licadho — one of Cambodia's leading human rights groups.
"We have taken precautions to defeat the targeted attack," Ms Pilorge told the ABC.
So-called "watering hole" attacks use popular websites to select targets and then direct specific malware attacks at them.
Licadho staff visiting the site are redirected to a fake Google page about privacy and then to a page called GTransfer which asks for permission to "read, send, delete and manage your email" and "view your contacts".
As of Tuesday afternoon, the attack attempts were still happening for Licadho staff.
"In this instance we're pretty confident that this is being carried out by a group we track as APT32," said Ben Wilson, a Canberra-based threat intelligence analyst with cyber security firm FireEye.
"They are what we believe to be a Vietnam-based nation state group that are acting in the interests of Vietnam's political interests," Mr Wilson told the ABC.
A screenshot of the scheme in action
Photo: First the attack tricks users into providing their Google account data. (ABC News)
Screenshot of hack attack attempt
Photo: Then it asks whether you will allow GTransfer access to your Google account. (ABC News)
APT32 has targeted foreign governments, as well as Vietnamese dissidents and journalists for at least five years.
Since 2014, FireEye has observed APT32 targeting foreign corporations with a vested interest in Vietnam's manufacturing, consumer products and hospitality sectors.
This particular malware campaign by APT32 is believed to have started in late 2016 and is the first state-linked hacking outfit identified by FireEye that is not Chinese or Russian.
"This kind of selective targeting allows the actors to stay under the radar a bit longer, you're less likely to tip off someone [than] if they're just redirecting all visitors to these websites to a malicious location," said Mr Wilson.
FireEye first detected the Phnom Penh Post had been compromised in November 2017.
Using Wayback Machine — a research tool that allows a snapshot of webpages as they existed on certain dates — it is clear that malicious 'eval()' code used to trigger the targeted attack was added to the Phnom Penh Post website on or around May 8.
Full article: http://www.abc.net.au/news/2018-05-15/h ... le/9763906
- CEOCambodiaNews
- Expatriate
- Posts: 62322
- Joined: Sun Oct 12, 2014 5:13 am
- Reputation: 4033
- Location: CEO Newsroom in Phnom Penh, Cambodia
Re: Hack attack: Vietnamese hackers use Cambodian news website to attack Licadho, Cambodian human rights NGO.
17 May 2018
Rumours that The Phnom Penh Post’s website was taken over by Vietnamese hackers were denied by members of the company’s staff on Wednesday after running technical tests on its network.
Naly Pilorge, the director of local human rights NGO Licadho, was quoted by Australia’s ABC News as saying, “Since last Tuesday [May 8], computers in our office were targeted by a malicious piece of code when we visited The Post’s website.”
Licadho staff declined to speak with a Post reporter when contacted to verify the matter.
However, tests done by the news site’s technical team found no “malicious code”.
Seng Nak, The Post’s IT manager, said: “We have double-checked our whole system and there is nothing wrong with it. We have not been hacked.”
“I can only guess that it is that [Licadho’s] system that was hacked, not ours.”
https://www.phnompenhpost.com/national/ ... ms-hacking