Thursday, August 4, 2016

Uzbekistan, Kazakhstan Said to be Hacking, Spying on Their Political Dissidents

On 3 August 2016, OSINT reported that Uzbekistan and Kazakhstan are alleged to be hacking and spying on their political dissidents.  Radio Free Europe is reporting that Uzbekistan, Kazakhstan, and other authoritarian governments have reportedly acquired cyber tools used by Western law enforcement and are using them to hack and harass their political dissidents.

Cyber researchers have allegedly found that since the early 2000s, Western security companies have sold mass surveillance products to Uzbekistan and Kazakhstan.  These tools have given authorities the ability to quickly locate and arrest people who discuss sensitive information on the phone or via e-mail, including a dissident Uzbek blogger.  The hacking campaign involved physical surveillance, threats of violence, and instances of cyber attacks.

E-mail communications from dissidents to their attorneys were used to trick recipients into installing one of two types of commercially available spy software.  What appears to be becoming common in these geographic areas is the use of malware by governments to spy on their political dissidents, specifically exiles who live outside of their government's direct sphere of influence.  This practice shows governments, in collaboration with black hat hackers, using legitimate cyber tools for political purposes.

Wapack Labs has conducted previous research on China dissident targeting, which is very similar to this eastern European matter.  Additionally, we knew Uzbekistan was buying cyber exploits from the same cyber vendors, which was highlighted in a 2015 research paper: “the Hacking Team was working with some customers directly and with others by using ‘channels.’ One such re-seller was the Israeli defense contractor, used to access markets in 2014 such as Ethiopia, Honduras, Nigeria and Uzbekistan. Later, in December 2012, a cyber representative asked the Hacking Team if they sold directly to FSB and Hacking Team representatives replied that they did, but as the data breach shows, the company was using Russian third parties.”  Wapack Labs continues to research this issue in support of our clients.

Publication Date: 3 August 2016
Handling Requirements: Traffic Light Protocol (TLP) GREEN
Attribution/Threat Actors: OSINT- hacking against Brazil 
Actor Type: Tier II
Potential Targets: Uzbekistan, Kazakhstan
WL RSA source:
Radio Free Europe
Associated Press

This report was published in its entirety to the Financial Services ISAC and Red Sky Alliance portal on August 3, 2016.  For more information, contact Wapack Labs at 844-4-WAPACK.