The Republic of Kazakhstan has ranked second in terms of the number of cyber attacks, accounting for 8% of all attacks, according to a recent report on cyber threats in CIS countries for 2023 and the first half of 2024. The primary target for attackers in Kazakhstan was the media, with 19% of attacks aimed at this sector. The majority of cyber incidents (65%) involved the use of malicious software, leading to a leakage of confidential information in 35% of cases.
Cybercriminals have shown a high level of interest in Kazakhstan, as evidenced by the significant number of advertisements related to the country on the Darkweb. Kazakhstan ranks third in the Commonwealth for the number of references on the Darkweb, with most ads offering fake documents for sale (48%) and money cashing services (38%). The price of fake documents ranges from 7 to 2700 US dollars.
In addition to the media, cybercriminals also targeted state institutions (12%), financial organizations (12%), and telecommunication companies (7%) in Kazakhstan. The country is among the top three CIS nations facing the highest number of cyber attacks on the telecommunication industry. One notable incident involved cybercriminals gaining full control over the infrastructure of Kazakhstani telecom operators for over two years after confidential information of a Chinese company was published on GitHub in February 2024.
Attackers in Kazakhstan often sought to steal personal and accounting data using malware such as Redline, Vidar, Raccoon, and Azorult. The stolen information is typically used in subsequent attacks, sold, or distributed for free on the Darkweb, with prices for databases of CIS country residents ranging from 100 to 50,000 US dollars.
Phishing emails were the most common method (74%) used to deliver malicious software to victims in Kazakhstan. For instance, in December 2023, a phishing email targeting a Kazakh state entity was discovered, aiming to infect computers with the Sugargh0st Trojan.
Social engineering tactics were employed in 53% of all cyber attacks against Kazakhstan. In June 2024, Positive Technologies reported a phishing email sent to an employee of a Kazakhstani organization, requesting a password update through an attached HTML file. The data entered by the employee was then redirected to cybercriminals.