Kazakhstan has initiated an investigation into a cyberattack on the Ministry of Foreign Affairs, which is believed to be linked to Russian hackers, as reported by The Record.
The country's Ministry of Digital Technologies took action following the release of a report by the French company Sekoia, which described a cyber-espionage campaign targeting diplomatic institutions in Central Asia, including Kazakhstan.
According to the report, the attack is attributed to the UAC-0063 group, which may be connected to the Russian APT28 (also known as Fancy Bear or BlueDelta). The hackers used malicious software CherrySpy and Hatvibe, attacking Kazakhstan's Ministry of Foreign Affairs at least since mid-2023. However, the authorities only decided to audit the ministry after the Sekoia investigation was published last month. Further actions will be taken depending on the audit's results.
When asked about Russia's possible involvement, Kazakh officials stated that it is too early to draw conclusions. Previously, the National Security Agency of Kazakhstan also reported that it had no confirmation of Russian involvement in the attack.
The UAC-0063 group has been active since 2021 and has previously targeted diplomatic, energy, and defense organizations in Ukraine, Israel, India, and Central Asian countries. In the latest cyberattack, the hackers used real documents, likely stolen from Kazakhstan's Ministry of Foreign Affairs, to distribute malware among victims. These files concerned diplomatic and economic matters, including Kazakhstan's cooperation with other countries.
Experts believe the attack may be part of a larger cyber-espionage campaign aimed at gathering strategic information about Kazakhstan's ties to the West and Central Asia. Earlier in January, the Indian company Seqrite reported another cyberattack in the region, linked to an unknown group, Silent Lynx. This group targets think tanks and banks, and its activities overlap with Kazakhstan's cyber-espionage network YoroTrooper, which first emerged in 2022.
