Kazakhstan will audit its Foreign Ministry due to a cyberattack suspected to involve Kremlin-related hackers. The attack, attributed to UAC-0063, utilized CherrySpy and Hatvibe malware strains. The ministry is investigating the extent of the breach, as previous intelligence denied any confirmed Russian-backed cyber operations targeting Kazakhstan. This incident highlights ongoing cybersecurity risks in diplomatic and governmental sectors.
Kazakhstan plans an audit of its Foreign Ministry following a significant cyberattack allegedly linked to Kremlin-affiliated hackers. The Kazakh Digital Ministry’s action follows a report indicating a cyberespionage campaign targeting diplomatic institutions, including Kazakhstan, orchestrated by a hacker group named UAC-0063, potentially tied to Russia’s state-sponsored APT28 group.
Officials indicated awareness of an ongoing attack utilizing CherrySpy and Hatvibe malware strains since mid-2023. The decision to initiate an audit reportedly arose after French cybersecurity firm Sekoia released its analysis of the cyber incident. The outcome of the audit will determine subsequent measures by Kazakhstan’s cybersecurity authorities.
While researchers identified Russian connections to the cyberattacks, Kazakh authorities remain cautious, stating it is “too early to say” if Russian hackers are to blame. Previously, Kazakhstan’s national security agency denied any information on attacks from Russian-linked threats targeting state systems.
The UAC-0063 hacker group has been active since at least 2021, previously launching attacks against diplomatic, academic, and defense sectors across various nations, including Ukraine, Israel, and Central Asian countries. The most recent attack leveraged legitimate documents from the Foreign Ministry to propagate malware, raising concerns about how they were sourced and about security breaches.
Researchers from Sekoia discovered around 20 documents associated with Kazakhstan’s Foreign Ministry dated from 2021 to late 2024. Most pertained to international diplomatic relations and economic matters, providing targets for cyberespionage activities. The identified malware strains, CherrySpy and Hatvibe, are also known for their use in past cyberattacks in Asia and Ukraine.
This cyber operation appears to be part of a larger initiative to gather strategic and economic insights regarding Kazakhstan’s interactions with other nations. On a related note, a separate report by Indian cybersecurity firm Seqrite has highlighted a different campaign targeting Central Asia, attributed to a new group called Silent Lynx, known for its focus on economic decision-making sectors.
The increase in cyberattacks on government entities highlights vulnerabilities within state cybersecurity frameworks. Safeguarding national interests against foreign cyber threats is critical, especially as geopolitical tensions escalate. Cybersecurity organizations and researchers work to track and analyze these threats, providing crucial intelligence on potential state-sponsored cyber activities. The UAC-0063 group, known for sophisticated cyber infiltration methods, reflects growing concerns about Russia’s influence and ability to conduct cyber warfare. By examining previous attacks and methodologies, cybersecurity professionals can better prepare against future threats, safeguarding both information integrity and national security.
Kazakhstan faces cybersecurity challenges linked to suspected Russian cyber operations, prompting an audit of its Foreign Ministry in response to a major cyberattack. The involvement of UAC-0063, potentially connected to Russian state-sponsored threats, underscores the importance of proactive measures in cybersecurity. Continued analysis and international cooperation are essential in addressing these evolving cyber threats, protecting national interests and diplomatic integrity.
Original Source: therecord.media