Kazakhstan starts spying on all internet traffic inside the country, forcing users to install a government-issued certificate on all devices, computers and mobile. The formal objective: improve cyber security against hacker attacks
The Kazakhstan government has started intercepting all HTTPS internet traffic inside the country, ZDNet has reported. Local internet service providers (ISPs) have been instructed to force their respective users into installing a government-issued certificate on all devices, computer or mobile, and in every browser. The Ministry of Digital Development, Innovation and Aerospace announced that only internet users in Nur-Sultan will have to install the certificate; however, users from all across the country reported being blocked from accessing the internet until they installed the government’s certificate. Some users also received SMS messages on their smartphones about having to install the certificates. Once installed, these will allow local agencies' cyber security experts to decrypt users’ HTTPS traffic, look at its content, encrypt it again with their certificate, and send it to its destination.
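As an added example (not from the original article or from ZDNet), the Python sketch below shows how a defender could spot the re-encryption step described above: it compares the certificate a client is handed with a baseline recorded for the same host on a path without interception. The dictionaries follow the layout returned by Python's `ssl.SSLSocket.getpeercert()`; the host name, CA names and serial numbers are constructed placeholders, and the baseline-comparison approach is an assumption of this example.

```python
# Added example: all certificate metadata below is constructed, not captured.

def flatten_name(rdns):
    """Turn the nested name tuples used by ssl.getpeercert() into a dict."""
    return {key: value for rdn in rdns for key, value in rdn}


def compare_to_baseline(observed, baseline):
    """List the ways the observed certificate differs from the baseline
    recorded for the same host on a path without interception."""
    findings = []
    obs_issuer = flatten_name(observed["issuer"])
    base_issuer = flatten_name(baseline["issuer"])
    if obs_issuer != base_issuer:
        findings.append("issuer changed: %r -> %r" % (
            base_issuer.get("commonName"), obs_issuer.get("commonName")))
    if observed["serialNumber"] != baseline["serialNumber"]:
        findings.append("serial number changed")
    # Assumption: the intercepting party copies the site's subject so the
    # name still matches; a new issuer on an unchanged subject is the signal.
    same_subject = (flatten_name(observed["subject"])
                    == flatten_name(baseline["subject"]))
    if findings and same_subject:
        findings.append("same subject re-issued by a different CA")
    return findings


# Constructed baseline: what the origin server presents on a clean path.
BASELINE = {
    "subject": ((("commonName", "www.example.org"),),),
    "issuer": ((("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA R1"),)),
    "serialNumber": "0A1B2C3D",
}

# Constructed observation: what a client sees after re-encryption.
OBSERVED = {
    "subject": ((("commonName", "www.example.org"),),),
    "issuer": ((("organizationName", "Example Interception Authority"),),
               (("commonName", "Example Interception Root CA"),)),
    "serialNumber": "5E6F7081",
}

if __name__ == "__main__":
    for finding in compare_to_baseline(OBSERVED, BASELINE):
        print(finding)
```

A legitimate certificate renewal also changes the serial number, so the issuer change is the finding that carries weight.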
Nur-Sultan already tried such a move in 2015, but the decision was never implemented, because it was sued by several organizations, including ISPs, banks, and foreign governments
The Kazakhstan Ministry said the objective is to improve the cyber security of the country. The measure was “aimed at enhancing the protection of citizens, government bodies and private companies from hacker attacks, Internet fraudsters and other types of cyber threats.” The government already tried to force all citizens to install a root certificate in December 2015. But the decision was never implemented, because it was sued by several organizations, including ISPs, banks, and foreign governments, who feared this would weaken the security of all internet traffic (and adjacent business) originating from the country. Nur-Sultan also applied to Mozilla to have its root certificate included in Firefox by default, but the company declined. Currently, browser makers like Google, Microsoft, and Mozilla are discussing a plan of action on how to deal with sites that have been (re-)encrypted by the Kazakh government’s root certificate.