17 January 2025

Cyber Déjà Vu: Is Russia Spying on Kazakhstan Again?

Image: iStock

Another espionage scandal is gaining traction in the Western media, with Kazakhstan once again at its center. Within Kazakhstan, however, the topic of Russian cyber activities against the country is receiving minimal attention in the press. While Akorda seeks to navigate its delicate relationship with the Kremlin, any overt allegations of espionage might provoke Moscow’s powerful propaganda machine, which continues to exert significant influence over public opinion in Kazakhstan.

This time, the intrigue is unfolding in cyberspace, where a hacker group identified as UAC-0063, potentially linked to the Kremlin-backed Advanced Persistent Threat (APT) group known as APT28, has been implicated in spying on diplomatic institutions across Central Asia. The group’s activities, which can be traced back to at least 2021, have targeted not only Kazakhstan, but also Kyrgyzstan, Tajikistan, and other countries. Their previous targets include diplomatic, non-profit, academic, energy, and defense organizations in Ukraine, Israel, India, and the wider Central Asian region.

According to a cyber espionage investigation by Sekoia, UAC-0063 hackers infiltrated Kazakhstan’s Ministry of Foreign Affairs by leveraging official documents, such as emails, draft memos, and internal administrative communications. These documents — likely used to deliver malware — were either stolen in prior cyber operations, obtained from open sources, or acquired through other unknown means. Sekoia identified around two dozen such documents, dating from 2021 to October 2024, which primarily addressed Kazakhstan’s diplomatic cooperation and economic relations with other countries.

The researchers suggest this campaign is part of a broader, Kremlin-backed global cyber espionage operation targeting Central Asia, with a particular focus on Kazakhstan’s foreign relations.

This latest revelation is a reminder of other episodes. One prominent ongoing case involves individuals in London who stand accused of preparing actions at the behest of Russia against Kazakhstan’s diplomatic mission in the United Kingdom and targeting President Kassym-Jomart Tokayev’s son. Even more striking is the echo of the Pegasus spyware scandal, which emerged in 2021.

An investigation by the Organized Crime and Corruption Reporting Project (OCCRP) revealed that the Israeli-developed Pegasus spyware was used to monitor a wide range of individuals in Kazakhstan, including independent journalists, activists, human rights defenders, and high-ranking officials. Among the targets were President Tokayev, then-Prime Minister Askar Mamin, former Akim of Almaty Bakytzhan Sagintayev, and several of Kazakhstan’s wealthiest businesspeople.

At the time, public suspicion fell upon Karim Massimov, the former chief of the National Security Committee (KNB), as the perpetrator of the Pegasus surveillance. However, the issue faded into obscurity following the unrest of January 2022, the events of which were officially described as an attempted coup d’état. To this day, no definitive answers have been provided about who orchestrated the Pegasus cyberattacks or their motives.

Now, with fresh reports of Russian-linked malware targeting Kazakhstan’s cyber-security, it appears that history may be repeating itself. The key question remains: is this merely a case of déjà vu, or could it signal the groundwork for a new effort to destabilize Kazakhstan?

Andrei Matveev

Andrei Matveev is a journalist from Kazakhstan.
