Cyberattacks - The Times Of Central Asia

Viewing results 1 - 6 of 7

Crime

Tajik Citizens Arrested in U.S. in Connection with ATM Cyberattack

U.S. authorities have charged two Tajik nationals and one Iranian citizen with orchestrating a cyberattack on ATMs to steal cash using a method known as "jackpotting." Two of the suspects have already been apprehended. Law enforcement in Lincoln County, North Carolina, identified the suspects as 26-year-old Nurmuhammad Rahmonzoda, 35-year-old Firdavs Rajabov, and 36-year-old Milod Avazdavani of Iran. The crimes reportedly occurred in February 2025 in the state of Maine. Investigators were able to identify the suspects using CCTV footage and license plate recognition systems. The group allegedly employed jackpotting, a cyber intrusion technique that manipulates ATMs into dispensing cash without recording a legitimate transaction. The investigation was launched after multiple banks reported technical issues with their self-service terminals. Authorities later determined the cyberattacks had been premeditated and synchronized across several ATM locations. In total, the group is accused of stealing more than $10,000. Avazdavani was arrested on March 13, 2025, in Charleston, South Carolina. Rahmonzoda was detained two weeks later in Florida and transferred to Maine. Authorities have not confirmed whether Rajabov has been taken into custody. Rahmonzoda has been formally charged with theft. A court has ordered him to pay $38,480 in restitution to the victims. If he fulfils the court’s compensation order, the felony charge may be downgraded to a misdemeanor, though full criminal liability will still apply. Further proceedings in the case are set to continue in Florida. Previously, U.S. media reported the arrests of other Tajik citizens in unrelated cases involving terrorism and immigration violations.

Cyber Security

Kazakhstan Confronts Major Data Leak in High-Stakes Security Crackdown

A detective thriller worthy of a Hollywood script is quietly playing out in the daily lives of Kazakhstani citizens, one with implications for nearly every household. At its core lies the largest leak of personal data in Kazakhstan’s history, unfolding across Almaty and Astana. The incident touches on something deeply personal: data that could be weaponized by fraudsters for illicit gain. Sixteen Million Records Exposed In early June, the Telegram channel SecuriXy.kz, known for its cybersecurity reporting, revealed a massive breach of Kazakh citizens' personal data. "A CSV file containing the personal data of Kazakh citizens, containing 16.3 million lines, has been discovered. The table contains the following fields: Last name, First name, Middle name, Gender, Date of birth, ID number, IIN [Bank Identification Number], Mobile phone number, Work phone number, Home phone number, Citizenship, Nationality, Address, Confirmed address, Start and end dates of residence," the channel stated. The analysis identified 16,302,107 records, 16.9 million unique phone numbers, and 15,851,699 unique individual identification numbers (IINs), the number of citizens whose information had been compromised. “The ‘address’ field often contains the addresses of dental clinics, polyclinics, the Tax Committee, universities, and other organizations,” the channel noted. The leak included highly sensitive personal data such as contact details and IINs, which the channel warned could be used for: “Phishing, social engineering, document forgery, and telephone fraud.” The data appears to have been compiled over a significant period. SecuriXy.kz reported that, “Most of the records were entered into the system after 2011,” with over two million added in 2022 alone. Data from 2023-2024 also appears, underscoring the leak's relevance. The revelation sparked swift reactions from officials. The Ministry of Digital Development, Innovation, and Aerospace Industry (MCIAI) released a statement confirming an investigation in collaboration with law enforcement and intelligence agencies. “It should be noted that the initial analysis indicates that the information may have originated from private information systems. No hacker attacks or leaks of personal data from state information systems have been recorded at this time. It is premature to draw final conclusions or confirm the accuracy of the information until the investigation is complete,” the ministry stated, adding that similar past incidents often involved outdated data compiled by service sector firms or microfinance institutions. “The ministry is monitoring the situation," the authorities concluded. "Additional information will be posted after the investigation is complete.” Cybersecurity experts, however, were less dismissive. Enlik Satieva, vice president of the TSARKA Group, a cybersecurity firm affiliated with the government, stressed the seriousness of the breach. "These are not just names," she stated. "The published database contains the most important personal data of citizens. In particular, it includes surnames, first names, patronymics, gender, dates of birth, IINs, citizenship, nationality, residential addresses, registration and residence periods, as well as mobile, home, and work phone numbers." Satieva suggested that some of the data may have been sourced from medical organizations, and that the leak might stem from a specific entity or multiple sources linked through IINs. Criminal Case and Contradictions...

Cyber Security

Personal Data of 16 Million Kazakh Citizens Leaked

Kazakhstan has experienced one of the most extensive personal data breaches in its history. According to Olzhas Satiev, President of the Center for Analysis and Investigation of Cyber Attacks (CARKA), over 16.3 million records, representing nearly the entire population, have been made publicly accessible. Scope of the Breach The compromised data includes surnames, first names, patronymics, gender, date of birth, individual identification numbers (IIN), addresses, phone numbers, citizenship, ethnicity, and other sensitive details. The source of the leak has not been identified. Experts suggest it may be a compilation of previously hacked databases redistributed via closed Telegram channels. Alternatively, it could stem from a new, as yet undetected breach. “This is one of the largest leaks. An investigation is currently underway. We are awaiting information from the technical service of the National Security Committee (KNB),” said Satiev. Government Response and Ongoing Investigation The Ministry of Digital Development, Innovation and Aerospace Industry (MCIA) stated that it is closely monitoring the incident. The ministry’s Information Security Committee, in cooperation with law enforcement and intelligence agencies, is analyzing the leaked data and verifying its relevance. Initial assessments suggest the breach likely originated from private information systems. The MCIA emphasized that no cyberattacks on government databases have been detected. “It is premature to draw final conclusions or confirm the accuracy of the leaked information until the investigation concludes,” the ministry said. Individuals affected by the leak will be notified through the e-government portal. The ministry also noted that previous leaks involved outdated information sourced from microfinance organizations and other commercial entities. Combating the Shadow Data Market Separately, the Ministry of Internal Affairs recently dismantled an organized group involved in the illegal sale of personal data. Authorities say the group accessed state databases and distributed information through Telegram channels, often in cooperation with debt collection agencies. More than 140 individuals, including channel administrators and company executives, were detained. Five suspects remain in custody. Investigators seized over 400 pieces of computer and electronic equipment. “The information was obtained from state databases and distributed through Telegram channels. Work is ongoing to identify all parties involved,” said Zhandos Suinbay, head of the Interior Ministry’s cybercrime division. Criminal proceedings have been launched under Articles 205 (unlawful access to information), 147 (violation of privacy), and 211 (distribution of restricted data) of the Criminal Code of Kazakhstan. The Interior Ministry vowed to intensify efforts to prevent further data breaches and urged citizens to be cautious, particularly when sharing personal information or using unsecured digital platforms.

Cyberattacks

Ongoing DDoS Attack Disrupts Kazakhstan’s Digital Infrastructure

Kazakhstan is experiencing a large-scale Distributed Denial of Service (DDoS) attack that is disrupting online services across government portals, banking systems, and telecommunications networks. The attack, which began earlier this week, has overwhelmed servers by bombarding them with excessive traffic, rendering critical digital infrastructure inaccessible for thousands of users. The Impact on National Systems The scope of the attack has significantly hobbled online platforms that citizens and organizations rely on for essential services. Users have reported interruptions when attempting to access online banking, state-run portals for taxes, and public resource management services. Government resources have been severely affected, whilst for businesses the inability to process digital transactions has caused massive delays, leading to e-commerce platforms and retailers that depend on online payment systems facing revenue losses. Financial institutions are working to secure their systems, fearing that the attack may escalate into data breaches or ransomware targeting client information. Potential Sources Behind the Attack While no official statement about the source of the attack has been released, cybersecurity experts are pointing to several possibilities. One theory suggests that the attack may involve political motives, aimed at destabilizing Kazakhstan’s government services and undermining public confidence. Others speculate that the incident may stem from cybercriminal groups seeking financial gain through extortion tactics. Other analysts are not discounting the possibility of foreign state actors. Given increasing geopolitical tensions in the region, such cyberattacks could potentially serve as acts of digital retaliation or covert intervention. Investigations are ongoing to trace the origin of the attack, and no group has publicly claimed responsibility. Official Responses and Mitigation Efforts Kazakhstan’s Ministry of Digital Development, Innovation, and Aerospace Industry has acknowledged the severity of the attack in an official statement. Authorities are currently coordinating with cybersecurity experts to neutralize the attack and minimize public impact. Technical teams have implemented measures such as traffic filtering and rerouting protocols to handle excessive server requests. While some government websites have been partially restored, slow loading speeds and occasional downtime persist. The ministry is urging organizations and individuals to strengthen online security by regularly updating firewalls and staying vigilant against phishing attempts that often accompany large-scale attacks. Additionally, Kazakhstan's cybersecurity response teams are collaborating with international partners to identify vulnerabilities and enhance digital defenses. This incident highlights the growing need for robust cybersecurity frameworks, particularly in an interconnected world increasingly reliant on digital services. Significance of the Attack This ongoing DDoS attack underscores how vulnerable national infrastructure can be to cyber threats. Potentially targeting critical systems like financial networks or telecommunications, these attacks can undermine public trust in a nation’s institutions and disrupt economic stability. Kazakhstan, like many nations, has increased investment in digital technologies, making cybersecurity a top priority. However, the attack reveals gaps in protection and the urgent need for advanced, preemptive measures to safeguard essential systems. With a rising tide of global cyber threats, addressing these vulnerabilities will play a critical role in protecting both national security and the economy going forward. For now, Kazakhstan continues to battle the...

Cyberattacks

Cyberattacks Double in Kazakhstan in Early 2025

Kazakhstan experienced a sharp increase in cyberattacks during the first quarter of 2025, with 30,000 information security incidents recorded between January and May, double the number reported during the same period in 2024. According to data from research agency Ranking.kz, the most significant growth was observed in botnet-related activity, including spam mailings, password cracking, and remote system intrusions that cause service disruptions. Such incidents surged to 17,600 in the first quarter of 2025, compared to just 1,700 a year earlier. Conversely, attacks involving computer viruses, worms, and Trojans declined by 17.9% year-on-year, totaling 7,900 cases. However, phishing attempts targeting Kazakhstani users rose by 37.2%, reaching 2,000 reported incidents. Other categories saw a decrease. Cases involving inaccessibility of internet resources dropped by 48.1% to 112, while distributed denial-of-service (DDoS) attacks fell to 23, down from 30 in the same period last year. Incidents of unauthorized access or modification of digital content also declined slightly, with nine reported cases versus 13 previously. Despite the rise in cyber threats, Kazakhstan’s IT sector continues to demonstrate robust growth. In 2024, the value of services in computer programming, consulting, and related fields reached 1.5 trillion tenge (approximately $2.9 billion), a 36.3% increase compared to 2023. Since 2016, the volume of services in this sector has expanded more than tenfold, and by over fivefold since 2019. Regionally, Almaty and Astana dominated the sector, accounting for 90.2% of all IT services provided. Almaty led with KZT 853.1 billion ($1.6 billion), followed by Astana with KZT 486.7 billion ($950 million). The lowest activity was recorded in the Ulytau region, with only KZT 712.3 million ($1.3 million) in services. Separately, The Times of Central Asia previously reported that a Chinese firm involved in cyber intelligence operations had been active in Kazakhstan for several years, accessing telecom data over an extended period.