A simmering cyber conflict between Thailand and Cambodia has thrust Southeast Asia into the spotlight, revealing critical gaps in regional cybersecurity frameworks and challenging ASEAN’s ability to manage digital warfare among its member states. Between late May and mid-June 2025, a Cambodian hacktivist group known as AnonSecKh claimed responsibility for dozens of distributed denial-of-service (DDoS) attacks on Thai government and military websites, while Thai hacker collectives have reportedly retaliated with sweeping assaults on Cambodian digital infrastructure. This escalating cyber crossfire not only complicates diplomatic efforts to de-escalate border tensions but also underscores the urgent need for ASEAN to address the legal and operational ambiguities surrounding cyber conflicts.
A New Frontier of Conflict
The cyber skirmishes began intensifying between May 28 and June 10, 2025, when AnonSecKh, also referred to as ANON-KH or Bl4ckCyb3r, publicly took credit for 73 politically motivated DDoS attacks targeting Thai institutions. Approximately 30 percent of these attacks focused on government portals, while another 26 percent struck military infrastructure, aiming to disrupt critical online services. In response, Thai hacker groups, including one identified as BlackEye-Thai, are alleged to have launched widespread attacks on nearly all Cambodian government online systems since mid-July. Additionally, another group, KH Night Mare, reportedly leaked 800GB of sensitive data on Cambodian officials, claiming to have penetrated top-secret government servers.
These actions exploit the anonymity of cyberspace, allowing both state and non-state actors to align their attacks with national interests while maintaining plausible deniability for any official backing. This blurring of lines between state responsibility and independent hacktivism complicates efforts to attribute attacks and hold perpetrators accountable. Amid the digital chaos, both nations have traded accusations: Cambodia has pointed fingers at Thai hackers for targeting its governmental websites, while Thailand has alleged that Cambodian operations may involve foreign cyber assets, including from North Korea. To counter these threats, Thailand has reportedly set up a 24/7 cyber war room in collaboration with military and cybersecurity agencies to monitor attacks and combat disinformation campaigns linked to Cambodian sources. 
Rare Regional Cyber Hostilities
While cyberattacks have become a hallmark of modern interstate conflicts—evident in the ongoing Russia-Ukraine war—such digital hostilities between Southeast Asian nations are uncommon. The Thai-Cambodian cyber exchanges stand out as a rare instance of regional neighbors engaging in sustained digital warfare, amplifying existing diplomatic frictions over border disputes. Beyond immediate bilateral tensions, this conflict highlights a broader vulnerability across Southeast Asia, where cross-border animosities, coupled with state fragility and limited resources, could easily escalate into gray zone cyber operations—actions that fall just short of outright warfare but still inflict significant damage.
The potential consequences of such attacks are severe. Disruptions to government portals, financial systems, and critical infrastructure can paralyze public services and erode trust in state institutions, particularly when paired with malicious disinformation campaigns. For ASEAN, a region already navigating complex geopolitical dynamics, the inability to prevent or mitigate these cyber incidents poses a direct threat to stability and public confidence in governance.
Legal and Normative Gaps in Cyberspace
At the heart of ASEAN’s challenge lies the inadequacy of current international legal frameworks to regulate cyber conduct during interstate disputes. While principles from the UN Charter, international humanitarian law, and human rights treaties are generally understood to apply to cyberspace, key definitions remain unresolved. For instance, what constitutes a use of force or an armed attack in the digital realm is still debated among legal scholars and policymakers. Moreover, international law often hinges on clear attribution to establish state responsibility—a near-impossible task when cyberattacks are conducted through proxies or hacktivist groups operating with implicit state support.
Even principles like due diligence, which require states to prevent harmful cyber activities originating from their territory, are difficult to enforce without robust bilateral intelligence-sharing or technical cooperation mechanisms. Such arrangements are often undermined during conflicts, as seen in the current Thai-Cambodian spat. Non-binding efforts, such as the Tallinn Manual—a set of guidelines interpreting how existing international laws apply to cyber operations—and ASEAN’s own Checklist for the Implementation of the Norms of Responsible State Behaviour in Cyberspace, lack enforceable mechanisms and fail to address cyber conduct during interstate tensions within the region.
The result is a normative vacuum that leaves ASEAN member states vulnerable to cyber aggression. Without dispute resolution mechanisms or confidence-building measures tailored to the region’s unique geopolitical context, state and non-state actors can exploit strategic ambiguity to launch attacks with little fear of repercussions.
ASEAN’s Path Forward: Opportunities and Constraints
Looking ahead, ASEAN faces both opportunities and challenges in addressing cyber conflicts within its borders. Through initiatives like the ASEAN Cybersecurity Cooperation Strategy and the ASEAN Ministerial Conference on Cybersecurity (AMCC), the bloc could adapt principles from global frameworks like the Tallinn Manual into a regional code of conduct that accounts for Southeast Asia’s diverse political and technological landscapes. However, translating these aspirational norms into actionable policies remains a daunting task. ASEAN’s principle of non-interference, combined with disparities in cyber capabilities among member states, often hampers collective action and enforcement.
Despite these constraints, pragmatic steps could help bridge the gap between legal ideals and operational realities. One promising avenue is the ASEAN Regional Computer Emergency Response Team (CERT), launched in 2024 and hosted in Singapore. Designed to serve as a hub for cybersecurity cooperation, the CERT facilitates coordination and information-sharing among national CERTs, builds capacity, and fosters partnerships to enhance collective resilience against cyber threats. While its current mandate does not explicitly cover interstate cyberattacks, expanding its role to include voluntary confidence-building measures—such as coordinated public attribution statements or standardized information-sharing protocols—could help establish norms of responsible behavior in the region.
Such initiatives, even if non-binding, could incrementally cultivate a culture of accountability and reduce the strategic ambiguity that state-backed actors exploit. They would also improve situational awareness and lay the foundation for coordinated responses to cyber incidents, even in cases where direct state responsibility is difficult to prove.
Crafting a Regional Approach
ASEAN’s success in managing cyber conflicts may not lie in adopting Western legal models wholesale but in developing a hybrid framework tailored to its own geopolitical realities. The Thai-Cambodian cyber conflict serves as a stark reminder that non-state actors can weaponize cyberspace to inflict lasting social and economic harm, often outlasting physical confrontations. As digital battlegrounds become increasingly central to interstate disputes, the region must prioritize building resilience and accountability mechanisms that reflect its unique challenges and capacities.
While immediate solutions remain elusive, incremental progress through platforms like the ASEAN CERT could pave the way for more robust regional cooperation. As cyberattacks continue to test the boundaries of sovereignty and international law, ASEAN’s response will shape not only the security of its digital landscape but also the trust and stability of its member states. The question remains: can the bloc rise to this challenge before the next cyber crisis erupts?
