Kazakhstan’s Biggest Telecom Operator Points Fingers At China For Data Hack; Cyber Firm Calls It ‘Typical’ Chinese Work

Of the five Central Asian Republics, Kazakhstan is the one that China has been passionately trying to woo despite all the odds. Over the years, China has strengthened its ties with Kazakhstan through economic cooperation, border agreements, and strategic partnerships.

Kazakhstan is China’s second–largest economic partner after Russia. Ties between the Central Asian Republics (CARs) and China were further strengthened when the CARs joined the China–sponsored Shanghai Cooperation Organization (SCO) in 2001.

It has to be remembered that Chinese President Xi’s first visit to a foreign country after COVID-19 was to Kazakhstan on his way to Samarkand to attend the SCO Summit.

Sensitivity Of Relations

The axiom goes that in politics, there are no permanent friends or foes; there are only permanent political interests.

Recent incidents related to Chinese nationalism and the simmering discontent among the Uyghur of erstwhile Eastern Turkistan (now Xinjiang under Chinese control) have cooled their relations.

Some observers even assert that China’s growing power and influence may be seen as a threat by the CARs, including Kazakhstan, which is the largest among them.

The recent allegations of data hacking by some Chinese companies of Kazakhstan’s sensitive records can have the potential to widen the gap covertly.

Basis Of Allegation

Kazakhtelecom, the country’s largest telecommunication operator, and other cellular operators like Beeline, Kcell, and Tele2 have alleged that the compromised data included personal user information.

Almaz Kumenov, writing in the Eurasian Net on 22 February 2023, said, “A trove of freshly leaked data, apparently from a contractor for China’s security services, has revealed that particular interest was taken in learning about law enforcement and military personnel in Kazakhstan.”

Informed sources, piecing the story together, say that random talks of leakage had begun earlier this month when unknown users of the GitHub developer platform uploaded a large amount of sensitive data coming from a Chinese company called I-Soon, which, according to their sources, had done work for the Chinese Ministry of Public Security.

The data was reportedly sourced from all over the world, including Afghanistan, Egypt, France, India, Kazakhstan, Kyrgyzstan, Mongolia, Pakistan, and Turkey, among others.

This reflects China’s widespread information collection network. Chinese surveillance ships have been roaming in different parts of the South China Sea and the Indian Ocean, as well as ports in Bangladesh, Sri Lanka, Pakistan, Djibouti, Aden, and, more recently, the Maldives.

It would not be out of place that a Chinese spy balloon was downed somewhere in the northern areas of the US. China at first denied its ownership but later on, under US pressure, tried to take shelter behind the pretext that the US had been sending balloons over the Chinese territories or the ocean.

More Evidence

Once Kazakh authorities sensed the “betrayal,” they pursued the issue for further investigation. On 20 February, TsARKA, a Kazakhstan–based cyber-security company, suggested on its website that the leak revealed the techniques preferred by Chinese IT surveillance operatives. These include Trojan viruses, systems for de-anonymizing social network users, and Wi-Fi networking hacking equipment.

According to the Centre for Analysis and Investigation of Cyberattacks (CARCA), a Chinese company engaged in cyber-intelligence operations in several countries has also operated in Kazakhstan.

The Central Asian Times of 21 February reported that the secret data from the company I-Soon also known as Anxun) were published by unknown persons. The company is a contractor of China’s Ministry of Public Security. There are also rumors that I-Soon is linked to Chengdu 404, China’s notorious cyber-intelligence structure, also known as APT41.

It appears that the Chinese intelligence has evinced special interest in Kazakhstan. The Asia Times reports that “based on an analysis of the leaked information, TsARKA claimed that at least one  hacker group had full access to the  critical infrastructure of Kazakhstan’s telecom operators over a period of more than two years.”

Who Has Been Targeted?

The targeted entities include Kazakhtelecom, the country’s largest telecommunication operator, and cellular operators Beeline, Kcell, and Tele2.

The information included subscribers’ personal data, names, email and postal addresses, phone numbers, call logs, device IMEIs, and login passwords. Other targeted entities were the State Pension Fund and airline company Air Astana.

The pension fund, however, has denied that any of its data has been hacked. TsARKA identified the targeted individuals as employees of the National Security Committee, or KNB, and the Defence Ministry.  

Experts think that the Trojan horse malware mentioned above could pull out all host information, manage processes and files (view, delete, execute, modify), execute commands (CMD operations), take screenshots, record every button pressed on the keyboard, and more.

The authors claim that 95% of antivirus programs, including Kaspersky, Symantec, and others, will not be able to detect this Trojan.

Image for Representation

Gravity Of The Crime    

There are rules and regulations on national and international levels and also there are resolutions of the United Nations designating cyber-attacks as crime and culpable under local law.

China is a member of the SC and carries more responsibility for ensuring the sanctity of the UN mandate. We think that the scale on which China is running its surveillance network should alarm international bodies, and some concerted effort should be made to checkmate the recurrence of such crimes.

If this kind of spying is allowed to continue, nothing will be secret or confidential, and what harm that would do is mind-boggling.