Kazakhstan's Diplomatic Documents Reportedly Targeted in Cyber Campaign
Photo: Elements.envato.com, ill. purposes
A cyber espionage campaign, allegedly connected to the Kremlin, has reportedly targeted Central Asian countries, including Kazakhstan, according to digital security firm Sekoia.
Infosecurity Magazine reports:
According to recent findings by cybersecurity firm Sekoia, the campaign involved weaponized Microsoft Word documents designed to deliver HatVibe and CherrySpy malware, collecting strategic intelligence on Kazakhstan’s diplomatic and economic relations.
The investigation began in October when Sekoia discovered a document in the VirusTotal database.
The attackers used a macro to activate malware on recipients' devices, first deploying the HatVibe backdoor, followed by the more sophisticated CherrySpy malware – a technique previously used against Ukrainian scientific institutions.
The compromised documents included diplomatic correspondence and administrative files from Kazakhstan's Foreign Ministry dating from 2021 to 2024.
The attack bears hallmarks of APT28, a group allegedly connected to Russia's GRU and funded by the Kremlin.
APT28 has a history of targeting diplomatic, defense and scientific sectors across Europe and Asia, often using spear phishing with malicious macros and scheduled task persistence, notes Infosecurity Magazine.
According to Sekoia's analysis:
The most recent documents are two diplomatic letters, one from the Embassy of Kazakhstan in Afghanistan, the second from the Embassy of Kazakhstan in Belgium, both intended for the central Ministry of Foreign Affairs regarding diplomatic cooperation and economic issues. The both are dated early September 2024.
The documents supposedly included materials related to President Toqayev's state visit to Mongolia and his meeting with American companies in New York.
The hackers also accessed a Kyrgyz Defense Ministry letter discussing military cooperation in Central Asia, which contained information about a "special operation by the PRC against Taiwan."
The UAC-0063 utility used in this campaign has previously targeted Ukraine, Israel, India, Kyrgyzstan, and Tajikistan.
Another major data breach in early 2024 included personal information about Kazakhstani security officials, though Kazakhstan's authorities never officially confirmed this. Chinese hackers had been stealing data from Kazakhstani information networks for two years.
Orda.kz has sent official inquiries to Kazakhstan's Foreign Ministry, the Ministry of Digital Development, Innovation and Aerospace Industry, and the Center for Analysis and Investigation of Cyberattacks.
Original Author: Nikita Drobny
Latest news
- Kazakhstan Prosecutor Opposes Deportation of 16-Year-Old Russian Teen
- Russian TV Channels Taken Off Air in Kazakhstan
- Mistaken Claim? Kazakhstan Denies $1B Contribution to the Board of Peace
- How many Kazakhstanis remain in the Middle East — MFA
- Kazhydromet Warns of High Flood Risk in Five Regions in 2026
- MP Calls for Prosecutor Review of Kazakhstanis’ Dubai Property
- Kazakhstan Moves to Legalize Private Detective Work
- Kazakhstan to Extend Gas Export Ban for Six More Months
- Majilis MP Calls to Soften Liability for Kazakhstanis Drawn into Foreign Wars for Pay
- The Delivery of 51 Stadler Passenger Coaches Has Been Delayed
- Kazakhstan Returns Nearly 1,000 Citizens From the Middle East
- Damaged Baikonur Launch Pad Facility Restored After 2025 Collapse
- A Rare Black Melanist Wolf Was Shot in Eastern Kazakhstan
- Kazakhstan Maintains Neutral Stance on Middle East Escalation
- Kazakh MFA: Citizens Evacuated from the Middle East via Oman and Saudi Arabia
- Kazakhstan to Spend 4.6 Trillion Tenge on Road Projects Through 2029
- Central Asia Competes for the Skies: Why Kazakhstan Risks Falling Behind Uzbekistan on Jet Fuel
- The War in Iran Opens a Window of Opportunity for Kazakhstan’s Oil Sector, Analysts Say
- Iran Conflict Escalates Beyond the Gulf: What Kazakh Experts Say About Risks for Central Asia and Kazakhstan
- Kazakhstan Prepares Possible Evacuation of Its Citizens From Iran
