Chinese hackers stole Mekong data from Cambodian foreign ministry - sources

hackers

PHNOM PENH/HANOI, July 22 (Reuters) - Buried in a long U.S. indictment accusing China of a global cyberespionage campaign was a curious detail: Among the governments targeted by Chinese hackers was Cambodia, one of Beijing's most loyal Asian allies.

The target of the hack, which two sources with knowledge of the indictment said was Cambodia's foreign ministry, was also revealing - discussions between China and Cambodia over the use of the Mekong River, which has become a new battleground for U.S. and Chinese influence in Southeast Asia.

Four Chinese nationals - three security officials and a contract hacker - have been charged in the United States with attacks aimed at dozens of companies, universities and government agencies in the United States and abroad, the U.S. Justice Department said on Monday. 

Reaction from the defendants named in the indictment was not immediately available.

The accusations, which China has said were fabricated and politically motivated, were outlined in a 30-page U.S. court indictment detailing the activities of what it said was a front company run by Chinese state security in Hainan, a Chinese island province near Southeast Asia.

Among the hackers' targets was "Cambodian Government Ministry A", according to the indictment, from which they "stole data pertaining to discussions between the governments of China and Cambodia over the use of the Mekong River" in January 2018.

That ministry was Cambodia's Ministry of Foreign Affairs, two sources with direct knowledge of the indictment told Reuters.

China's embassy in Cambodia did not respond to two emailed requests from Reuters for comment. In a post on its WeChat messaging account, the embassy rejected the U.S. allegations and said it had received no request for comment from Reuters.

In a response to questions from Reuters, China's foreign ministry said the accusations were groundless and that the United States was the world's largest source of cyber attacks.

A Cambodian foreign ministry spokesperson referred questions to the telecommunications ministry, which declined to comment. Government spokesperson Phay Siphan declined to comment.

'SECRETS AND DATA'

The 4,350-km (2,700-mile)-long Mekong, known as the Lancang in its upper reaches, flows from China along the borders of Myanmar, Laos and Thailand through Cambodia and Vietnam, where it has supported farming and fishing communities for millennia.

Like the South China Sea, the Mekong River has become a front in U.S.-China rivalry, with Beijing overtaking Washington in both spending and influence over downstream countries at the mercy of its control of the river's waters.

According to the indictment, Chinese hackers obtained data from the Cambodian ministry on the same day Cambodia hosted the China-backed, Lancang-Mekong Cooperation (LMC) leaders summit with China, Laos, Myanmar, Thailand and Vietnam in Phnom Penh, the Cambodian capital, on Jan. 10, 2018.

The data obtained by the hackers pertained to those discussions, the indictment said, without elaborating.

On the same day, the hackers hid and transmitted "trade secrets and proprietary hydroacoustic data" within digital images of a koala bear and then-U.S. President Donald Trump, according to the indictment. It said the material was sent to an online account controlled by the hackers.

It was not clear if the hydroacoustic data - data collected by sonar and used to monitor underwater features - was of the Mekong River area.

Last week, U.S. Secretary of State Antony Blinken told Southeast Asian foreign ministers the United States supported a "free and open Mekong region" under the Washington-backed Mekong-U.S. Partnership.