Cyber Security - The Times Of Central Asia

Viewing results 1 - 6 of 9

Russia China Cyber Security 5G Starlink Digitization AI Digital Development

The Battle for Control Over Central Asia’s Digital Future

Central Asia is digitalizing quickly. Governments across the region have invested in smart cities, 5G, and AI-powered platforms. Kazakhstan ranks 24th in the world in global e-government indexes, and in Tashkent and Bishkek, young, tech-savvy populations are pushing for innovation. But such progress is not without risks. A new report from the German Marshall Fund (GMF), a Washington-based think tank, outlines how Central Asia is becoming ever more reliant on Chinese and Russian technology. These two countries, the report argues, are using digital tools not just to supply infrastructure but to shape how governments in the region manage data, surveillance, and speech. Beijing and Moscow’s tech exports act as snares, tying customers into their own economies. “Central Asian governments are aware of these challenges,” Dylan Welch, the author of the report and a China analyst at the GMF, told The Times of Central Asia. But he notes that it can be difficult to convince policymakers to prioritize the dangers of such overexposure. “For the national leaders, their imperative is to deliver economic growth because they have these young, dynamic populations that need jobs… if they don't deliver on that, then they're in for a long period of instability at home,” he said. This makes Chinese and Russian offers to develop their digital industries extremely tempting. An Entrenched Presence The report coincides with a flurry of Russian and Chinese engagement in the region. Over the weekend, Kazakhstan announced that between them, Beijing and Moscow will be responsible for delivering a new generation of nuclear reactors to the country, currently leaving French and Korean alternatives out in the cold. Then came this week’s visit of Chinese President Xi Jinping to Astana for a summit with the five Central Asian leaders. On the digital front, one notable announcement from this summit included a plan to develop an Artificial Intelligence Cooperation Center in Kyrgyzstan. China has used the term “Digital Silk Road” to describe its investments in Central Asia, and it has built much of the physical infrastructure behind the region’s digitization drive. For its part, Russia has exported its software, legal models and surveillance practices. Taken together, these systems are helping local governments tighten control over digital life. “This strategic integration makes it more difficult for regional states to diversify in the future, even though many continue to pursue multi-vector foreign policies aimed at balancing global partnerships,” Yunis Sharifli, Non-Resident Fellow at the China-Global South Project, told TCA. Where the Vulnerabilities Lie The report uses a “technology stack” framework to explain the problem. This framework looks at five layers: network infrastructure, data storage, consumer devices, digital platforms, and government policies. Across these layers, it argues, Central Asia is exposed to Chinese and Russian influence. Take Kazakhstan. It may be the most advanced digital economy in the region, but most of its internet traffic still passes through Russia. Telecom firms across the region are also required to install a Russian-made surveillance technology known as SORM (System for Operative Investigative Activities), which can intercept internet...

Cyber Security Personal Data Cyberattacks leaked data shadow data market

Personal Data of 16 Million Kazakh Citizens Leaked

Kazakhstan has experienced one of the most extensive personal data breaches in its history. According to Olzhas Satiev, President of the Center for Analysis and Investigation of Cyber Attacks (CARKA), over 16.3 million records, representing nearly the entire population, have been made publicly accessible. Scope of the Breach The compromised data includes surnames, first names, patronymics, gender, date of birth, individual identification numbers (IIN), addresses, phone numbers, citizenship, ethnicity, and other sensitive details. The source of the leak has not been identified. Experts suggest it may be a compilation of previously hacked databases redistributed via closed Telegram channels. Alternatively, it could stem from a new, as yet undetected breach. “This is one of the largest leaks. An investigation is currently underway. We are awaiting information from the technical service of the National Security Committee (KNB),” said Satiev. Government Response and Ongoing Investigation The Ministry of Digital Development, Innovation and Aerospace Industry (MCIA) stated that it is closely monitoring the incident. The ministry’s Information Security Committee, in cooperation with law enforcement and intelligence agencies, is analyzing the leaked data and verifying its relevance. Initial assessments suggest the breach likely originated from private information systems. The MCIA emphasized that no cyberattacks on government databases have been detected. “It is premature to draw final conclusions or confirm the accuracy of the leaked information until the investigation concludes,” the ministry said. Individuals affected by the leak will be notified through the e-government portal. The ministry also noted that previous leaks involved outdated information sourced from microfinance organizations and other commercial entities. Combating the Shadow Data Market Separately, the Ministry of Internal Affairs recently dismantled an organized group involved in the illegal sale of personal data. Authorities say the group accessed state databases and distributed information through Telegram channels, often in cooperation with debt collection agencies. More than 140 individuals, including channel administrators and company executives, were detained. Five suspects remain in custody. Investigators seized over 400 pieces of computer and electronic equipment. “The information was obtained from state databases and distributed through Telegram channels. Work is ongoing to identify all parties involved,” said Zhandos Suinbay, head of the Interior Ministry’s cybercrime division. Criminal proceedings have been launched under Articles 205 (unlawful access to information), 147 (violation of privacy), and 211 (distribution of restricted data) of the Criminal Code of Kazakhstan. The Interior Ministry vowed to intensify efforts to prevent further data breaches and urged citizens to be cautious, particularly when sharing personal information or using unsecured digital platforms.

Internet Cyber Security Cyberattacks

Ongoing DDoS Attack Disrupts Kazakhstan’s Digital Infrastructure

Kazakhstan is experiencing a large-scale Distributed Denial of Service (DDoS) attack that is disrupting online services across government portals, banking systems, and telecommunications networks. The attack, which began earlier this week, has overwhelmed servers by bombarding them with excessive traffic, rendering critical digital infrastructure inaccessible for thousands of users. The Impact on National Systems The scope of the attack has significantly hobbled online platforms that citizens and organizations rely on for essential services. Users have reported interruptions when attempting to access online banking, state-run portals for taxes, and public resource management services. Government resources have been severely affected, whilst for businesses the inability to process digital transactions has caused massive delays, leading to e-commerce platforms and retailers that depend on online payment systems facing revenue losses. Financial institutions are working to secure their systems, fearing that the attack may escalate into data breaches or ransomware targeting client information. Potential Sources Behind the Attack While no official statement about the source of the attack has been released, cybersecurity experts are pointing to several possibilities. One theory suggests that the attack may involve political motives, aimed at destabilizing Kazakhstan’s government services and undermining public confidence. Others speculate that the incident may stem from cybercriminal groups seeking financial gain through extortion tactics. Other analysts are not discounting the possibility of foreign state actors. Given increasing geopolitical tensions in the region, such cyberattacks could potentially serve as acts of digital retaliation or covert intervention. Investigations are ongoing to trace the origin of the attack, and no group has publicly claimed responsibility. Official Responses and Mitigation Efforts Kazakhstan’s Ministry of Digital Development, Innovation, and Aerospace Industry has acknowledged the severity of the attack in an official statement. Authorities are currently coordinating with cybersecurity experts to neutralize the attack and minimize public impact. Technical teams have implemented measures such as traffic filtering and rerouting protocols to handle excessive server requests. While some government websites have been partially restored, slow loading speeds and occasional downtime persist. The ministry is urging organizations and individuals to strengthen online security by regularly updating firewalls and staying vigilant against phishing attempts that often accompany large-scale attacks. Additionally, Kazakhstan's cybersecurity response teams are collaborating with international partners to identify vulnerabilities and enhance digital defenses. This incident highlights the growing need for robust cybersecurity frameworks, particularly in an interconnected world increasingly reliant on digital services. Significance of the Attack This ongoing DDoS attack underscores how vulnerable national infrastructure can be to cyber threats. Potentially targeting critical systems like financial networks or telecommunications, these attacks can undermine public trust in a nation’s institutions and disrupt economic stability. Kazakhstan, like many nations, has increased investment in digital technologies, making cybersecurity a top priority. However, the attack reveals gaps in protection and the urgent need for advanced, preemptive measures to safeguard essential systems. With a rising tide of global cyber threats, addressing these vulnerabilities will play a critical role in protecting both national security and the economy going forward. For now, Kazakhstan continues to battle the...

Cyber Security Pegasus Spyware

Uzbekistan Named Among Users of Controversial Pegasus Spyware

In a recent U.S. court hearing, a lawyer representing NSO Group, the Israeli maker of the notorious Pegasus spyware, named Uzbekistan as one of the governments that deployed the tool during a 2019 hacking campaign. Mexico and Saudi Arabia were also cited. This marks the first time NSO Group has publicly identified its clients. Pegasus is a powerful surveillance software developed by the Israeli cyber intelligence firm NSO Group. Once installed on a smartphone, it allows operators to secretly access messages, listen to calls, track locations, and remotely activate the camera and microphone, without the user’s knowledge. The revelation stems from a lawsuit filed by WhatsApp, a Meta-owned messaging platform, which accused NSO Group of exploiting a vulnerability in the app to target approximately 1,400 users between April and May 2019. Many of those targeted were journalists, human rights advocates, and members of civil society. Digital rights watchdog Citizen Lab, which collaborated with WhatsApp, helped identify more than 100 victims across multiple countries. NSO’s lawyer acknowledged that at least eight governments were using Pegasus at the time, but only three – Mexico, Saudi Arabia, and Uzbekistan – were named during the hearing. Uzbekistan’s inclusion raises concerns about the country’s surveillance practices. While the court hearing mentioned just three countries, earlier disclosures suggested that Pegasus had been deployed in as many as 51 nations, including India, Morocco, Spain, the United Kingdom, and the United States. Interestingly, Saudi Arabia, named in the court hearing, did not appear in prior reports, suggesting that some NSO clients may have used the spyware beyond their own borders. A 2017 investigation by Citizen Lab indicated, for example, that Mexico used Pegasus to surveil individuals located in the U.S. NSO Group insists that it licenses Pegasus only to governments approved by Israel and that the software is intended for counterterrorism and law enforcement. Nevertheless, the company has faced sustained criticism for enabling authoritarian regimes to spy on dissidents and journalists. The U.S. court has not yet confirmed which clients were behind the specific attacks outlined in the WhatsApp case. The presiding judge noted that much of the available evidence originates from media investigations rather than direct disclosures by NSO Group. The company has declined to comment publicly. WhatsApp has stated it looks forward to the trial, where it hopes to secure damages and prevent NSO from using its infrastructure to target users. Over the years, groups like Amnesty International and Citizen Lab have documented Pegasus’s deployment in numerous countries, including Hungary, the United Arab Emirates, and now, potentially, Uzbekistan. Many of the targets were professionals carrying out legitimate work, raising serious questions about digital privacy and unchecked state surveillance. TechCrunch, which obtained the court documents, has contacted the embassies of Mexico, Saudi Arabia, and Uzbekistan for comment. As of this writing, none have responded.

Starlink internet Cyber Security Internet

The Twilight of Starlink in Kazakhstan?

For every country in the world, the appearance of the internet has presented vast possibilities but also formidable challenges. This was especially true in Central Asia where the governments are obsessed with controlling information that can be accessed by the public. Kazakhstan is unique among the Central Asian states in that the Kazakh government has expended significant energy and resources to make Kazakhstan a modern country with a tech savvy population. Control over the internet remains an issue and has sparked a debate in Kazakhstan about the use of foreign telecommunications satellites. Countrywide Connections In late 2024, Kazakhstan’s Ministry of Digital Development stirred controversy by proposing new regulations on imports of telecommunications equipment. One proposal would ban the use of equipment from foreign companies that do not have control centers inside Kazakhstan. In December 2024, the Digital Development Ministry specifically named Inmarsat, Thuraya, Iridium, and Starlink as targets for a usage ban. Kazakhstan actually has a national security law that “prohibits the establishment and operation of communication networks within Kazakhstan if their control centers are based outside the country.” However, Kazakhstan is a large country with most of its population living in roughly the eastern third of its territory. Cities, towns, and villages scattered across the western two-thirds of Kazakhstan are poorly connected to the internet and Kazakh authorities started discussions with Musk’s SpaceX about use of Starlink, a subsidiary of SpaceX with a network of satellites. In October 2023, Kazakh authorities “introduced broadband internet in ten rural schools using Starlink technology in a test mode.” The pilot project envisioned sending Starlink terminals to 2,000 schools. By April 2024, the system was already connecting 447 rural schools to the internet, and by August the number had climbed to 1,731 schools. Kill Switch Required In November 2023, the director of the Ministry of Digital Development’s Telecommunications Committee, Dias Tolegenov, warned citizens that private use of Starliink terminals was illegal in Kazakhstan. The “current version” of Starlink “violates current (Kazakh) legislation, as it does not meet safety requirements,” Telugenov said. This ban is still In effect. In May 2024, the director of Kazakhstan’s Kokterek Space Communications Center, Roman Ermashov, reiterated that according to Kazakhstan’s laws, “projects using foreign satellite communication systems in non-geostationary satellite orbits,” such as Starlink, must have “a gateway (interface) station on the territory of Kazakhstan.” SpaceX refused to install the station in Kazakhstan. “This is about safety,” Ermashov said, “Because if any information security incident occurs, such as a data leak, everyone turns to the state.” This comment by Ermashov cuts to the heart of the matter. During the mass unrest in Kazakhstan in January 2022, authorities cut off the internet around the country to prevent protesters from coordinating their actions or releasing information about what was happening to the world outside Kazakhstan. Later that same year, Tajikistan ‘s government cut off the internet connection to the eastern Gorno-Badakhshan Autonomous Oblast during unrest, and Uzbek authorities did the same to the western Karakalpakstan Republic when violence broke out...

investigation Cyber Security Espionage Crime Security Russia

Cyber Déjà Vu: Is Russia Spying on Kazakhstan Again?

Another espionage scandal is gaining traction in the Western media, with Kazakhstan once again at its center. Within Kazakhstan, however, the topic of Russian cyber activities against the country is receiving minimal attention in the press. While Akorda seeks to navigate its delicate relationship with the Kremlin, any overt allegations of espionage might provoke Moscow’s powerful propaganda machine, which continues to exert significant influence over public opinion in Kazakhstan. This time, the intrigue is unfolding in cyberspace, where a hacker group identified as UAC-0063, potentially linked to the Kremlin-backed Advanced Persistent Threat (APT) group known as APT28, has been implicated in spying on diplomatic institutions across Central Asia. The group’s activities, which can be traced back to at least 2021, have targeted not only Kazakhstan, but also Kyrgyzstan, Tajikistan, and other countries. Their previous targets include diplomatic, non-profit, academic, energy, and defense organizations in Ukraine, Israel, India, and the wider Central Asian region. According to a cyber espionage investigation by Sekoia, UAC-0063 hackers infiltrated Kazakhstan's Ministry of Foreign Affairs by leveraging official documents, such as emails, draft memos, and internal administrative communications. These documents — likely used to deliver malware — were either stolen in prior cyber operations, obtained from open sources, or acquired through other unknown means. Sekoia identified around two dozen such documents, dating from 2021 to October 2024, which primarily addressed Kazakhstan’s diplomatic cooperation and economic relations with other countries. The researchers suggest this campaign is part of a broader, Kremlin-backed global cyber espionage operation targeting Central Asia, with a particular focus on Kazakhstan's foreign relations. This latest revelation is a reminder of other episodes. One prominent ongoing case involves individuals in London who stand accused of preparing actions at the behest of Russia against Kazakhstan's diplomatic mission in the United Kingdom and targeting President Kassym-Jomart Tokayev’s son. Even more striking is the echo of the Pegasus spyware scandal, which emerged in 2021. An investigation by the Organized Crime and Corruption Reporting Project (OCCRP) revealed that the Israeli-developed Pegasus spyware was used to monitor a wide range of individuals in Kazakhstan, including independent journalists, activists, human rights defenders, and high-ranking officials. Among the targets were President Tokayev, then-Prime Minister Askar Mamin, former Akim of Almaty Bakytzhan Sagintayev, and several of Kazakhstan’s wealthiest business-people. At the time, public suspicion fell upon Karim Massimov, the former chief of the National Security Committee (KNB), as the perpetrator of the Pegasus surveillance. However, the issue faded into obscurity following the unrest of January 2022, the events of which were officially described as an attempted coup d’état. To this day, no definitive answers have been provided about who orchestrated the Pegasus cyberattacks or their motives. Now, with fresh reports of Russian-linked malware targeting Kazakhstan’s cyber-security, it appears that history may be repeating itself. The key question which remains - is this merely a case of déjà vu, or could it signal the groundwork for a new effort to destabilize Kazakhstan?