
The incident with Chinese hackers exposed systemic problems in the cybersecurity of the Republic of Kazakhstan

Publication date: 22.02.2024 17:41:00

This may be one of the largest state cyber-espionage incidents on record, affecting not only Kazakhstan but also several countries of Central and Southeast Asia, the European Union and Africa.

On February 16, 2024, unknown persons published on GitHub a leak of secret data from the Chinese company iSoon (aka Anxun), one of the contractors of the Chinese Ministry of Public Security (MPS). The company is reported to be associated with Chengdu 404, a structure controlled by Chinese cyber intelligence and known as APT41.

The leak sheds light on the forms and methods of Chinese intelligence work: software including Trojans for Windows, Mac, iOS and Android, DDoS services, systems for de-anonymizing social network users, Wi-Fi hacking equipment and much more, along with a great deal of information about methods of penetration and data collection.

The attackers went after both bulk information, such as databases, and information on specific individuals: monitoring of their correspondence, calls and movements. Analysis of the data showed that the volume of stolen information is measured in terabytes. The data came from the critical infrastructure of Kazakhstan, Kyrgyzstan, Mongolia, Pakistan, Malaysia, Nepal, Turkey, India, Egypt, France, Cambodia, Rwanda, Nigeria, Hong Kong, Indonesia, Vietnam, Myanmar, the Philippines and Afghanistan.

For Kazakhstan, the scale of the cyber threat may be very significant and hard to predict. The leak exposed confidential data of Kazakh telecom operators such as Beeline, Kcell and Tele2.

There are also references to Kazakhtelecom and the Unified Accumulative Pension Fund of the Republic of Kazakhstan.

According to researchers from TsARKA:

“The Chinese APT group has been sitting in the Kazakh infrastructure for about 2 years and this is just the tip of the iceberg. No one knows how many undetected hackers and leaks of our data there are. All this is the result of unsystematic actions and the priority of departmental interests over the interests of the state. The structure of the state, in which the Information Security Committee is subordinate to the Ministry of Digitalization, will always be vulnerable. Kazakhstan needs a separate independent body outside the Government responsible for cybersecurity - the Cybersecurity Agency.”

Government agencies have already responded to the incident

The Ministry of Digital Development, Innovation and Aerospace Industry of Kazakhstan (MCRIAP) stated:

“In connection with the dissemination of information on the Internet regarding the leakage of personal data, we inform you that today the ministry, together with the National Security Committee of the Republic of Kazakhstan, is analyzing the received materials.”

The UAPF, in turn, has already stated that the reports of a data leak are untrue:

“The UAPF security services conducted a detailed analysis of the data posted on the GitHub website. As a result, it was established that the published catalog contains only a description of the enpf.kz site. At the same time, the site is an open source of information and does not contain personal data of depositors and recipients.”

At a plenary meeting on February 21, Ekaterina Smyshlyaeva, Member of the Mazhilis of the Parliament of the Republic of Kazakhstan, commented on all the recent scandals involving the leakage of Kazakhstanis' personal data to the Internet. In her request to First Deputy Prime Minister Roman Sklyar, she summarized the essence of the incident:

“The leak was discovered on foreign resources. This is another consequence of direct disregard of legal requirements by large, far from poor companies. We trust them with sensitive information every day with the expectation that it will be kept safe.”

Moreover, Smyshlyaeva noted, news of leaks of Kazakhstanis' personal information appears in the news feeds almost every day.

“This causes fair criticism from citizens. It is alarming how the quality and degree of confidentiality is changing. If earlier we were talking about addresses and telephone numbers, today medical data, banking information, that is, information that is secret, is leaked using the same schemes,” the deputy said.

At the same time, according to her, even the amendments already adopted to the law are not always implemented in practice. For example, on February 13 a legislative ban on collecting paper copies of IDs came into force.

“Have the rules and regulations of organizations, for example, train stations or hotels, been revised? No, paper copies are still collected everywhere,” said Ekaterina Smyshlyaeva.

Touching in her address on another recent scandal, the leak of sensitive data of KazNU students, the deputy raised the question of the collection of excess information from citizens:

“When was the last time an authorized body in the medical field assessed and revised the list of medical information that is subject to collection and storage? When receiving accreditation, registering on websites, and applying for discount cards, citizens fill out several sheets of forms according to the principle “it has always been this way.” People get away with this kind of disregard for security requirements because citizens’ awareness of their digital rights is still low.”

In this regard, she proposed either increasing the staffing of the authorized body for personal data protection, or considering a redistribution of its functions, possibly transferring them to a competitive environment, that is, to accredited organizations in the field of information security.

She also pointed out the need to strengthen the administration of the requirements adopted regarding the circulation of personal data and the request for information, and to ensure that citizens are informed about the rules for handling data through state information policy.

GTS JSC has commented on the compromise of the infrastructure of telecom operators in Kazakhstan.

In 2022, GTS JSC, in cooperation with the National Security Committee, identified the activity of a foreign hacker group in the infrastructure of cellular operators, the service said in a statement. The audit showed that the attackers had gained unauthorized access to databases as far back as 2021.

“The reason for the penetration was a gross violation of information security measures on the part of the telecom operators themselves. The threats and risks have been neutralized by the measures taken,” GTS JSC assures.

The organizers and members of the hacker group are on the international wanted list on the initiative of several countries.

The authorized body in the field of information security of the Republic of Kazakhstan (MCRIAP) is conducting an inspection into the access gained to the infrastructure of the UAPF and the Air Astana company.

The Chairman of the Information Security Committee of the Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan, Ruslan Abdikalikov, based on an analysis of materials provided by TsARKA, stated that:

“We cannot blame any country or any intelligence agency for violating our laws. That is, there is no direct evidence, so we want to say that China is a strategic partner of our country. Accordingly, in our understanding, the situation looks quite simple: there is a hacker group that undoubtedly worked for some kind of intelligence service of a foreign state.”

According to him, the fact that a hacker group had been working against the critical infrastructure of the Republic of Kazakhstan was not news to the Committee. Back in 2022, the information security operations center discovered the first traces of the illegal presence of a hacker group at the operator Kcell. This information was then passed to the National Information Security Coordination Center. Following the inspection, the same traces of presence were found in the infrastructure of other cellular operators.

“It took about a year to stop this access. And if you look at the leak, the latest information is exactly 2022. In 2019, 2020, 2021, they still had some kind of access or made attempts to gain access to this infrastructure, and in 2022 we managed to completely exclude them from access,” explained the head of the Information Security Committee of the MCRIAP. He noted that this was clearly an intelligence operation by some special service using hacker methods, and that the arsenal used by the hacker group is remarkable. But it is very difficult to blame anyone directly.

Kazakhstanis should be prepared for the fact that their personal data is either already compromised or may fall into the hands of hackers. Olzhas Satiev, President of the ALE "TsARKA" (Center for Analysis and Investigation of Cyber-Attacks), said this at a briefing on information security issues at the MCRIAP of the Republic of Kazakhstan.

Commenting on the information about the recent leak of Kazakhstanis' personal data, the expert noted that the worsening information security problems in Kazakhstan are the flip side of the country's rapid digitalization. Electronic services, in whose rollout Kazakhstan is often ahead of conservative Europe, are being introduced faster than the country's citizens master the basics of personal data protection.

“Digitalization is a double-edged sword. Either it is convenient, or it is protected, but limits you in some actions. Unfortunately, in Kazakhstan we have such a bias - we are such a startup country: we strive to get ahead and do everything quickly, quickly, launch quickly,” said Olzhas Satiev.
(text translation is carried out automatically)