Espionage Campaign: Russia-linked Threat Actors Target Kazakhstan
Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin’s efforts to gather economic and political intelligence in Central Asia.
The campaign has been assessed to be the work of an intrusion set dubbed UAC-0063, which likely shares overlap with APT28, a nation-state group affiliated with Russia’s General Staff Main Intelligence Directorate (GRU). It’s also known as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422.
UAC-0063 was first documented by the Computer Emergency Response Team of Ukraine (CERT-UA) in early 2023, detailing its attacks on
Russia’s SORM is an electronic surveillance apparatus capable of intercepting a wide range of internet and telecommunications traffic by authorities without the knowledge of the service providers themselves. It enables the monitoring of landline and mobile communications, as well as internet traffic, Wi-Fi, and social media, all of which can be stored in a searchable database.
It’s been assessed that the former Soviet territories of Belarus, Kazakhstan, Kyrgyzstan, and Uzbekistan, and the Latin American nations of Cuba and Nicaragua, have very likely acquired the technology to wiretap citizens.
“While these systems have legitimate security applications, the governments […] have a history of misusing surveillance capabilities, including repression of political opposition, journalists, and activists, without effective or independent oversight,” Insikt Group said.
“More broadly, the export of Russian surveillance technologies will likely continue to offer Moscow opportunities to expand its influence, particularly in areas it deems to be under its traditional sphere of the “near abroad.”
