Hack attack: Vietnamese hackers use Cambodian news website to attack Licadho, Cambodian human rights NGO.

Cambodia news in English! Here you'll find all the breaking news from Cambodia translated into English for our international readership and expat community to read and comment on. The majority of our news stories are gathered from the local Khmer newspapers, but we also bring you newsworthy media from Cambodia before you read them anywhere else. Because of the huge population of the capital city, most articles are from Phnom Penh, but Siem Reap, Sihanoukville, and Kampot often make the headlines as well. We report on all arrests and deaths of foreigners in Cambodia, and the details often come from the Cambodian police or local Khmer journalists. As an ASEAN news outlet, we also publish regional news and events from our neighboring countries. We also share local Khmer news stories that you won't find in English anywhere else. If you're looking for a certain article, you may use our site's search feature to find it quickly.
User avatar
CEOCambodiaNews
Expatriate
Posts: 62322
Joined: Sun Oct 12, 2014 5:13 am
Reputation: 4033
Location: CEO Newsroom in Phnom Penh, Cambodia
Contact:
Cambodia

Hack attack: Vietnamese hackers use Cambodian news website to attack Licadho, Cambodian human rights NGO.

Post by CEOCambodiaNews »

Vietnamese hackers trigger software trap after Australian sale of newspaper in Cambodia
15 May 2018
A Vietnamese state-linked hacking group has used a Cambodian newspaper website to attack a local human rights organisation, according to a leading cyber security firm.

The attack started just days after Australian mining magnate Bill Clough sold the newspaper to Malaysian spin doctor Sivakumar Ganapathy, who specialises in "covert PR".

"Since last Tuesday [May 8], computers in our office were targeted by a malicious piece of code when we visited the Phnom Penh Post website," said Naly Pilorge, director of Licadho — one of Cambodia's leading human rights groups.
"We have taken precautions to defeat the targeted attack," Ms Pilorge told the ABC.

So-called "watering hole" attacks use popular websites to select targets and then direct specific malware attacks at them.

Licadho staff visiting the site are redirected to a fake Google page about privacy and then to a page called GTransfer which asks for permission to "read, send, delete and manage your email" and "view your contacts".

As of Tuesday afternoon, the attack attempts were still happening for Licadho staff.

"In this instance we're pretty confident that this is being carried out by a group we track as APT32," said Ben Wilson, a Canberra-based threat intelligence analyst with cyber security firm FireEye.

"They are what we believe to be a Vietnam-based nation state group that are acting in the interests of Vietnam's political interests," Mr Wilson told the ABC.
A screenshot of the scheme in action
Image
Photo: First the attack tricks users into providing their Google account data. (ABC News)
Image
Screenshot of hack attack attempt
Photo: Then it asks whether you will allow GTransfer access to your Google account. (ABC News)

APT32 has targeted foreign governments, as well as Vietnamese dissidents and journalists for at least five years.

Since 2014, FireEye has observed APT32 targeting foreign corporations with a vested interest in Vietnam's manufacturing, consumer products and hospitality sectors.

This particular malware campaign by APT32 is believed to have started in late 2016 and is the first state-linked hacking outfit identified by FireEye that is not Chinese or Russian.

"This kind of selective targeting allows the actors to stay under the radar a bit longer, you're less likely to tip off someone [than] if they're just redirecting all visitors to these websites to a malicious location," said Mr Wilson.

FireEye first detected the Phnom Penh Post had been compromised in November 2017.

Using Wayback Machine — a research tool that allows a snapshot of webpages as they existed on certain dates — it is clear that malicious 'eval()' code used to trigger the targeted attack was added to the Phnom Penh Post website on or around May 8.
Full article: http://www.abc.net.au/news/2018-05-15/h ... le/9763906
Join the Cambodia Expats Online Telegram Channel: https://t.me/CambodiaExpatsOnline

Cambodia Expats Online: Bringing you breaking news from Cambodia before you read it anywhere else!

Have a story or an anonymous news tip for CEO? Need advertising? CONTACT US

Cambodia Expats Online is the most popular community in the country. JOIN TODAY

Follow CEO on social media:

Facebook
Twitter
YouTube
Instagram
User avatar
CEOCambodiaNews
Expatriate
Posts: 62322
Joined: Sun Oct 12, 2014 5:13 am
Reputation: 4033
Location: CEO Newsroom in Phnom Penh, Cambodia
Contact:
Cambodia

Re: Hack attack: Vietnamese hackers use Cambodian news website to attack Licadho, Cambodian human rights NGO.

Post by CEOCambodiaNews »

17 May 2018
- Rumours that The Phnom Penh Post’s website was taken over by Vietnamese hackers were denied by members of the company’s staff on Wednesday after running technical tests on its network.

Naly Pilorge, the director of local human rights NGO Licadho, was quoted by Australia’s ABC News as saying, “Since last Tuesday [May 8], computers in our office were targeted by a malicious piece of code when we visited The Post’s website.”

Licadho staff declined to speak with a Post reporter when contacted to verify the matter.

However, tests done by the news site’s technical team found no “malicious code”.

Seng Nak, The Post’s IT manager, said: “We have double-checked our whole system and there is nothing wrong with it. We have not been hacked.”
“I can only guess that it is that [Licadho’s] system that was hacked, not ours.”
https://www.phnompenhpost.com/national/ ... ms-hacking
Join the Cambodia Expats Online Telegram Channel: https://t.me/CambodiaExpatsOnline

Cambodia Expats Online: Bringing you breaking news from Cambodia before you read it anywhere else!

Have a story or an anonymous news tip for CEO? Need advertising? CONTACT US

Cambodia Expats Online is the most popular community in the country. JOIN TODAY

Follow CEO on social media:

Facebook
Twitter
YouTube
Instagram
Post Reply Previous topicNext topic
  • Similar Topics
    Replies
    Views
    Last post

Who is online

Users browsing this forum: Ahrefs [Bot], ali baba, Amazon [Bot], Clutch Cargo, Deefer, Google [Bot], Kayve, WildAlaskaKen and 1308 guests