Kazakhstan Government Uses Malware to Spy on Journalists and Political Activists


EFF exposes threat group operating for Kazakhstan regime. The Electronic Frontier Foundation (EFF) has released a report today named Operation Manul that details attacks with malware on Kazakhstan’s top journalists and political activists, who have taken a stance against the current authoritarian regime.

According to a team of EFF, First Look Media, and Amnesty International experts, the attacks used off-the-shelf malware that costs around $40, which a threat group has sent to victims as boobytrapped files attached to spear-phishing emails.

Once a victim opened one of these files, it used known exploits to infect the computer with malware. EFF says that in most cases the threat group used one of two RATs (Remote Access Trojans): Bandook and JRat.

Attacks targeted regime dissidents

At the receiving end of these files were Irina Petrushova and Alexander Petrushov, publishers of the former independent newspaper Respublika, which is now available only online after it was shut down in Kazakhstan.

Additionally, the group also targeted the lawyers, circle of friends, and family members of Mukhtar Ablyazov, co-founder and leader of the opposition party Democratic Choice of Kazakhstan.

EFF claims that malware sent to Ablyazov’s family members might have helped the Kazakhstan government track down their whereabouts in Italy, ask for the arrest of Ablyazov’s wife and daughter, and then hastily have them deported. Ablyazov is currently fighting extradition to Kazakhstan in France.

Government hired an Indian company to do all the hacking

Evidence presented in the Operation Manul report claims that an Indian company might have carried out the cyber-espionage operations on behalf of the Kazakhstan government.

Researchers found IP addresses and infrastructure that linked the attacks to a company named Appin Security Group. The same infrastructure was also detected in cyber-espionage operations against a Norwegian telecom company and Punjabi separatists in previous years.

The report highlights that governments don’t need expensive surveillance tools such as those sold by Hacking Team; commodity malware can be just as effective.

“Our research shows that such cheap, commercially available malware can have a real impact on vulnerable populations,” said Eva Galperin, Global Policy Analyst at EFF. “Much of the past research in this area has exposed campaigns carried out by governments using spy software which they have purchased. In this case, the evidence suggests that the government of Kazakhstan hired a company to carry out the attacks on their behalf.”

What an attacker would have seen via JRat malware