Chinese APT actors target and compromise Cambodian government entities through infrastructure masquerading as a cloud backup service. The infrastructure is malicious in nature and maintains persistent connections. China's investment in Cambodia's naval base caused controversy. #ChineseAPT #cybersecurity
Malicious SSL certificates used by the threat actors were linked to several domains masquerading as cloud storage services. These domains draw high levels of traffic during data exfiltration. #malware #cyberattack
Around 24 Cambodian government organizations regularly communicated with the APT infrastructure. The organizations provide critical services including defense, election oversight, and finance. #cybersecurity #government
The threat actor's activity aligned with Cambodian business hours and China's Golden Week holidays, confirming their Chinese origin. #threatactors #GoldenWeek
A detailed report on the compromise and the government entities involved has been published. #cybersecurityreport #governmentcompromise