Cross-Border Cyberattacks Surge as Thailand–Cambodia Tensions Escalate

For Immediate Release – July 29, 2025

Bangkok, July 29, 2025 – A sharp increase in cyberattacks has emerged amid the ongoing Thailand–Cambodia border conflict, targeting critical systems and data in both countries. Recent incidents reveal a coordinated cyber offensive unfolding alongside physical clashes, with attacks striking government agencies, military networks, media outlets, and financial platforms. These attacks – involving massive Distributed Denial of Service (DDoS) barrages, website defacements, and sophisticated disinformation campaigns – are raising alarms about regional digital security and national security vulnerabilities.

The 11th-century Preah Vihear Temple on the Thai–Cambodian border, a historic flashpoint of dispute, now also sits at the center of rising cyber conflict in the region.

Nature and Scope of the Cyberattacks

Since a deadly border clash in late May, nationalist hacktivist groups from Cambodia and Thailand have escalated operations in cyberspace. A Cambodian group known as AnonSecKh (also called “ANON-KH” or “Bl4ckCyb3r”) claimed at least 73 cyber assaults on Thai targets in the two weeks following a May 28 skirmish that killed a Cambodian soldier. The group began by attacking Thai government websites in March and later broadened its campaign to academia and the private sector. Its tactics primarily include DDoS attacks, which flood servers with malicious traffic, often paralyzing websites, as well as web defacements and other disruptive intrusions. Thai authorities report that these attacks spiked dramatically after key events in the conflict – for example, following a June 6 military statement that Thailand was “ready for a high-level operation,” digital attack volumes surged in retaliation.

Thai government and military sites have borne the brunt of the onslaught, accounting for nearly half of the incidents recorded. However, the campaign’s scope is broad: manufacturing companies, financial institutions, and media outlets have also been targeted. According to threat intelligence from Radware, government websites made up about 30% of the reported targets and military systems about 26%, followed by manufacturing (15%) and finance (7%) during the initial attack wave. This suggests an intent to disrupt not only state operations but also economic and civilian sectors. Notably, Thai news media have been hit particularly hard. Nation Group, which runs prominent outlets The Nation Thailand and Thai News, confirmed it suffered over 223 million malicious hits in 24 hours as part of a coordinated DDoS campaign originating from Cambodian sources. The media group also faced mass harassment on social media – including the mass creation of fake accounts and coordinated false reports to trigger takedowns – as part of an information operation tied to the border conflict. These tactics aim to silence or discredit Thai reporting on the crisis by overwhelming systems and exploiting automated content moderation.

In response, Thai cybersecurity officials have issued urgent warnings to fortify defenses. The operations center of Thailand’s Second Army Region (which oversees the Cambodian border area) cautioned that hacker groups “believed to be operating from Cambodia” are actively targeting Thai government agencies, state enterprises, and private organizations. The advisory noted that such intrusions could compromise sensitive data, undermine public confidence, and even “destabilise national infrastructure” if successful. Thai authorities are treating these incursions as a serious national security concern and have stood up a “cyber war room” to monitor threats in real time. Meanwhile, Cambodia has publicly denied Thai allegations of engaging foreign (North Korean) hackers in the conflict. In a July 7 statement, Cambodia’s Ministry of Post and Telecommunications condemned the hacking claims as a “malicious attempt…to tarnish Cambodia’s reputation” and asserted “no connection whatsoever with North Korean hacker groups”. At the same time, Phnom Penh officials counter-accused a Thai hacker collective called “BlackEye-Thai” of launching cyberattacks against nearly all major Cambodian government online systems over a two-week period in early July. Cambodian cybersecurity defenses reportedly thwarted those attempts with only minor disruptions observed. These dueling accusations underscore how both nations are now confronting cyber threats attributed to actors across the border.

Technical Methods and Threat Actors

Investigation into the attack patterns indicates a mix of politically motivated hacktivism and potential state-enabled operations. The DDoS campaigns unleashed by AnonSecKh on Thai domains have been especially intense: the group has shared “proof-of-impact” reports on Telegram to validate its claimed takedowns of Thai websites. In many cases, Thai government portals and even provincial administration sites were flooded with traffic, forcing them offline. More covert tactics like website defacement have also been employed – for instance, inserting propaganda messages or nationalistic banners onto Thai web pages. Thai cyber police officials noted that between June 4 and June 10 alone, AnonSecKh boasted of hitting high-profile targets including the Thai Ministry of Defence, Ministry of Foreign Affairs, and the Bangkok city administration’s website. Two suspected members of this group are already facing Thai arrest warrants as authorities work to unmask the perpetrators and deter further attacks.

On the Cambodian side, the hacker group BlackEye-Thai allegedly attempted penetration of critical Cambodian government networks, likely using methods ranging from intrusion malware to DDoS, though specifics remain classified. Cambodian officials maintain that their security measures prevented any serious breach. Notably, both countries have also grappled with a surge of disinformation accompanying the cyber assaults. False narratives and doctored media have proliferated on Facebook and messaging apps, aimed at inflaming public sentiment or spreading confusion. Thai authorities have warned citizens to beware of fabricated stories – such as claims that “Thailand will seize Cambodia if Cambodia does not withdraw its forces” or that “Thailand is preparing to invade” – some of which were propagated by bots and even used AI-generated voices impersonating Cambodian leaders. Cambodian police likewise alerted the public about fake news originating from abroad, cautioning that some misleading posts were crafted with AI to mimic official statements. This indicates a highly technical influence operation running in parallel with network attacks, leveraging deepfake technology and social engineering to erode trust.

Cybersecurity analysts note that the precision and timing of these attacks demonstrate considerable coordination. “AnonSecKh’s activity highlights several key risks,” an analysis by Radware stated. “Their attacks are tightly linked to political incidents and show a reactive pattern… The sharp jump in volume following key events reflects a high level of coordination and intent. Finally, the choice of targets – government resources, universities, financial institutions – raises concerns about potential real-world disruptions. These attacks aren’t just aimed at making a statement; they attempt to damage public trust and interfere with essential services.” In other words, the threat actors involved are not merely vandalizing websites for notoriety – they appear intent on undermining confidence in public institutions, disrupting daily life, and exploiting any digital weaknesses to advance their side’s agenda. There are even unconfirmed allegations of more advanced cyber espionage: Thai sources have speculated that Cambodian actors might be receiving backing or tools from foreign hacker networks (an allusion to North Korean or other third-party involvement), while Cambodian officials suspect Thai cyber units of probing their defense systems. Although direct state sponsorship has not been proven and both governments officially deny launching cyberattacks, the blurred line between patriotic hacktivists and state actors in this conflict raises concern among regional security experts.

Economic and Geopolitical Implications

The cyber conflict unfolding between Thailand and Cambodia carries serious economic and geopolitical ramifications, compounding the fallout from the border hostilities. Cross-border trade and commerce are already under strain: multiple border crossings have been shuttered, and Cambodia imposed bans on certain Thai products in retaliation to the dispute. Tourism and local businesses in the border provinces are suffering from the instability. Should the cyberattacks continue or escalate, they threaten to further undermine economic activity – for example, sustained DDoS attacks on financial services or e-commerce platforms could hinder transactions and shake investor confidence. Manufacturing firms targeted by these hacks (over 15% of the incidents) risk production downtime and supply chain disruptions, which could have ripple effects on regional markets. Moreover, critical infrastructure could be at risk if hostilities spill over into more destructive cyber operations. Thus far, the known attacks have centered on websites and information systems, but national infrastructure (power grids, transportation, telecommunications) represents a high-value target in any broader conflict scenario. Officials worry that a successful strike on critical systems – for instance, if a power outage or telecom blackout were caused in a border region – could not only endanger lives but also provoke a heavier military response.

From a national security standpoint, these cyber incidents are eroding trust between Bangkok and Phnom Penh at a dangerous moment. Sensitive diplomatic communications have already been compromised: a private call between Thai Prime Minister Paetongtarn Shinawatra and Cambodia’s former leader Hun Sen was leaked online amid the feud, fueling political uproar in Thailand. The leak, allegedly originating from the Cambodian side, sparked allegations of Thai leadership “kowtowing” to Phnom Penh and even contributed to the Thai PM’s temporary suspension pending an ethics probe. This episode illustrates how cyber tactics – whether hacking, intercepting, or simply recording and releasing sensitive audio – can be used as political weapons, undermining leadership credibility and straining civil-military relations. Both governments have also accused each other of abetting cybercrime operations under the cover of the crisis. Thai investigators, for example, have pointed to difficulties in cooperating with Cambodia on shutting down transnational online scam networks (some linked to powerful figures) because the diplomatic rift has stalled information sharing. In turn, Cambodian officials countered that Thai authorities themselves indirectly enabled scam operations by supplying electricity and internet to criminal hubs along the border. This mutual distrust is impairing joint law enforcement efforts, thereby creating safe havens for cybercriminals and potentially allowing organised crime to thrive in the shadows of the conflict.

Regionally, the geopolitical stakes are high. The Thailand–Cambodia cyber clashes mark one of the first instances of two ASEAN member states engaging in overt digital conflict tied to a territorial dispute. Analysts warn that this could set a worrisome precedent and pose a test for ASEAN’s unity and regional cybersecurity framework. ASEAN has placed great emphasis on digital integration and cooperation for economic development; a protracted cyber hostilities between two members could destabilize regional cyberspace and complicate collaborative initiatives. Thus far, ASEAN’s response has been muted, sticking to quiet diplomacy even as the situation deteriorates. There is concern that if the rift deepens, it might spill into ASEAN forums and undermine cooperative mechanisms – for instance, joint cyber exercises, intelligence sharing networks, and the upcoming ASEAN Cybersecurity Cooperation Strategy (2026–2030) could be jeopardized. A tangible risk is that bilateral digital distrust will erode the effectiveness of platforms like the ASEAN Regional CERT incident-response network, where Thailand and Cambodia are expected to collaborate on containing cyber threats. Additionally, adherence to agreed norms of responsible state behavior in cyberspace may falter under the pressure of this feud. Both nations have endorsed global norms (such as refraining from attacking critical infrastructure and not allowing one’s territory to be used for harmful cyber acts), but continued tit-for-tat cyber strikes could lead to norms being violated or ignored. Observers note a paradox: while sticking to these norms would help prevent dangerous escalation, doing so might limit each side’s options for digital retaliation. This creates a diplomatic dilemma for the region – how to enforce rules of the road in cyberspace when nationalistic fervor and security fears are running high.

In the worst-case scenario, if the cyber exchange intensifies unchecked, it could trigger broader security consequences. Escalation might invite external actors or proxies into the fray (as evidenced by the disputed claims about North Korean hackers), internationalizing what is currently a bilateral standoff. Additionally, severe cyber damage to one country’s critical systems could be misperceived as a prelude to kinetic military action, potentially prompting a forceful response on the ground. Such escalation spirals are precisely what regional leaders hope to avoid. As one cybersecurity expert cautioned, “bilateral tensions in cyberspace, if they persist, could signal the start of open or discreet cyber contestation between ASEAN member states arising from disputes over sovereignty”. In other words, the Thailand–Cambodia case may become a benchmark for how (or how not) to manage interstate cyber disputes in Southeast Asia moving forward.

Response and Recommendations for Regional Cybersecurity

Given the high stakes, a coordinated response is urgently needed to contain the cyber threats and strengthen resilience. Cybersecurity professionals are advising a multi-pronged approach that blends immediate incident response with long-term strategy and diplomatic engagement.

Key recommendations include:

1. Immediate Hardening of Cyber Defenses: Both Thai and Cambodian organizations – government and private sector alike – should audit and fortify their IT systems without delay. This includes patching all software to the latest versions, reviewing firewall and antivirus configurations, and disabling any unnecessary services that could be exploited. Critical infrastructure operators (energy, water, telecom, finance) must heighten network monitoring for anomalies and ensure data backups are securely in place. Vigilance against phishing and malware infiltration is paramount: staff should be reminded to avoid clicking suspicious links or attachments, use strong authentication, and report any unusual system behavior immediately.
2. Activate Incident Response and Intelligence Sharing: National cyber incident response teams (ThaiCERT and CamCERT) and law enforcement cyber units should be on high alert and in constant communication. A joint or neutral “cyber hotline” between Thai and Cambodian authorities – even if broader relations are strained – could help rapidly de-conflict any cyber incidents that might be misconstrued and prevent accidental escalation. Officials are also coordinating with international partners; for example, Thai regulators have reached out to platforms like Meta (Facebook) to help curb abuse and fake-account campaigns originating from abroad. Sharing of threat intelligence (such as DDoS indicators, malware signatures, and botnet data) through ASEAN’s regional networks or via trusted intermediaries will improve each side’s ability to detect and contain attacks in real time. Law enforcement collaboration, possibly facilitated by Interpol or neutral ASEAN neighbors, should be rebooted to pursue the criminal syndicates exploiting the chaos (e.g. those running scam centers). Notably, Thai cyber police have already obtained arrest warrants for individuals tied to the hacktivist attacks; cooperative efforts can ensure such perpetrators find no safe haven across the border.
3. Public Assurance and Counter-Disinformation Efforts: To maintain public confidence, both governments (and independent institutions) must provide transparent updates on the cyber situation and decisively refute false information. Proactive public advisories about ongoing scams or fake news – such as the alerts issued by Thai and Cambodian authorities regarding bogus war rumors and AI-generated forgeries – will help inoculate the population against misinformation. It is equally important to leverage tech platforms in this fight: prompt reporting of fake accounts, coordinated takedowns of bot networks, and possibly temporary content moderation guardrails (for example, for conflict-related keywords) could slow the spread of harmful propaganda. Media outlets should continue to fact-check and responsibly report on the cyber aspects of the conflict, to deny malign actors control of the narrative. By out-communicating the attackers, officials can reduce panic and prevent the erosion of trust that the cyber campaigns seek to achieve.
4. Diplomatic Engagement and Norms Reinforcement: Even as immediate threats are addressed, the longer-term strategy must involve diplomatic measures to de-escalate the cyber conflict. ASEAN is urged to step off the sidelines and facilitate dialogue specifically on cyber issues between Thailand and Cambodia. This could be through an emergency ASEAN Digital Ministers meeting or the ASEAN Regional Forum’s cybersecurity channel. The goal would be to establish basic understandings – a “cyber ceasefire” – such as mutual agreement to refrain from targeting each other’s critical infrastructures, hospitals, or other civilian services, in line with the global norms of responsible state behavior that all ASEAN nations have endorsed. Emphasizing these norms (for example, no harm to critical infrastructure and no harboring of cybercriminals) is crucial to preventing uncontrolled escalation. Confidence-building measures could also be expanded: joint workshops, information exchanges, or even inviting observers to national cyber exercises might rebuild a measure of trust over time. Regionally, it’s important that the current feud not derail the collective cybersecurity agenda. Cambodia and Thailand should continue to participate in ASEAN cybersecurity working groups (such as the ASEAN Defence Ministers’ Meeting-Plus Experts’ Working Group on Cybersecurity) without allowing bilateral tensions to stall progress. Neutral co-chairs or mediators (like Singapore or Australia, which co-leads the mentioned working group) can help keep discussions professional and focused on common goals.
5. Strengthening Cyber Resilience and Deterrence: Both nations, and the region as a whole, must invest in more robust cyber resilience for the future. This includes funding for advanced threat detection systems, regular penetration testing of critical networks, and developing local cybersecurity talent to reduce skill gaps. Establishing or enhancing dedicated cyber commands within the military structures could improve each country’s defensive readiness (and provide a clearer chain of command for cyber operations to avoid rogue actions). At the same time, a degree of cyber deterrence could be achieved by clearly signaling the ability to attribute attacks and respond in kind if necessary – though always calibrated within the bounds of international law and norms. For instance, openly indicting or sanctioning individuals and groups found responsible for major attacks can serve as a warning. Ultimately, credible deterrence goes hand-in-hand with diplomacy: the objective is to convince would-be attackers that malicious cyber activities will be detected, will not achieve strategic advantage, and may incur consequences, thus dissuading escalation.
6. Regional Capacity Building and Alliance Coordination: The incident highlights a need for broader regional capacity-building. ASEAN members could accelerate the creation of a regional cyber crisis response team or improve the ASEAN-Singapore Cyber Centre of Excellence programs to train officials in handling state-sponsored cyber threats. Cooperative initiatives with external partners are equally valuable – for example, sharing best practices and cyber threat intelligence with allies like Japan, the United States, or India, which have all supported ASEAN cybersecurity development. Aligning with international cyber norms also means backing global efforts at the United Nations to develop rules for responsible cyber behavior. Both Thailand and Cambodia can demonstrate leadership by supporting such norms and by committing to not use cyberattacks against each other’s critical systems, thus setting a positive precedent in the region.

Conclusion: The surge of cyberattacks around the Thailand–Cambodia border conflict is an urgent wake-up call. It underscores how quickly a conventional dispute can expand into the digital realm, with consequences for economic stability, public safety, and regional cohesion. “The tensions have unquestionably made cyberspace a domain of conflict between Cambodia and Thailand,” observes a regional security analyst, one that now accompanies their contest in diplomatic, economic, and military arenas. Yet, managing this new front need not be a zero-sum game. By bolstering defenses, cooperating on incident response, respecting international norms, and engaging in frank diplomacy, Thailand and Cambodia – with ASEAN’s support – can contain the immediate threats and prevent further escalation.

The broader ASEAN community has a stake in the outcome: ensuring that digital quarrels do not threaten regional stability or derail the vision of a secure, interconnected Southeast Asian digital economy. This coordinated approach will not only address the current crisis but also build a stronger foundation to withstand future cyber challenges in the region.