
Possible Russian Group Cyber Espionage in Central Asia



Jul 12, 2023
Possible Russian cyber espionage in Central Asia

According to Bitdefender, a hacking group that is potentially Russian state-sponsored has been using a novel backdoor against foreign government targets in Kazakhstan and Afghanistan. Although there is no concrete proof that Russian state hackers are responsible for the attacks observed, researchers at the cybersecurity company say there are several clues pointing to Moscow.

At least one victim appears to be a Kazakhstan embassy. One of the clues is a decoy document created with the cracked “SpecialisST RePack” build of Microsoft Office 2016, which is popular in Russian-speaking countries.

The backdoor, which Bitdefender tracks as DownEx, was written by its developers in both Python and C++. Security analysts have previously observed the Russian intelligence hacking group APT28 using different programming languages in the same way.

Bitdefender first identified DownEx in late 2022. Although the initial infection vector is unknown, the researchers consider spear phishing plausible. The attack “used a straightforward method of disguising an executable file as a Microsoft Word document using an icon file associated with .docx files.”
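A defender-side check for the disguise described above, added here as an example and not taken from Bitdefender's report: it compares a file's leading bytes with what its name suggests, flagging a PE executable whose name carries a document extension (for example `budget.docx.exe`, shown as `budget.docx` when Windows hides extensions). The sample files are constructed in memory; the PE stub is only a header, not a real executable.

```python
import io
import zipfile

# Magic bytes: a PE executable starts with "MZ"; .docx/.xlsx/.pptx are OOXML ZIP containers.
PE_MAGIC = b"MZ"
ZIP_MAGIC = b"PK\x03\x04"
DOC_EXTS = (".docx", ".doc", ".xlsx", ".pptx", ".pdf")  # extensions a lure name tends to borrow


def is_ooxml_document(data: bytes) -> bool:
    """True if data is a ZIP container carrying [Content_Types].xml, as real OOXML files do."""
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "[Content_Types].xml" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def classify(name: str, data: bytes) -> str:
    """Return 'executable-disguised-as-document', 'executable', 'document' or 'other'."""
    lower = name.lower()
    # Heuristic: any document extension anywhere in the name (catches 'report.docx.exe').
    looks_like_doc = any(ext in lower for ext in DOC_EXTS)
    if data.startswith(PE_MAGIC):
        return "executable-disguised-as-document" if looks_like_doc else "executable"
    if is_ooxml_document(data):
        return "document"
    return "other"


def build_sample_docx() -> bytes:
    """Constructed minimal OOXML container: just enough structure to classify, not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


# Constructed samples (hypothetical names; the "MZ" stub is only a header, not runnable code).
SAMPLES = {
    "budget.docx": build_sample_docx(),
    "budget.docx.exe": PE_MAGIC + b"\x00" * 62,
    "update.exe": PE_MAGIC + b"\x00" * 62,
    "notes.txt": b"plain text",
}


def scan(samples=SAMPLES) -> dict:
    """Classify every sample; a real scanner would read the first bytes of files on disk instead."""
    return {name: classify(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan().items():
        print(f"{name:20} {verdict}")
```

The name heuristic does not catch a lure that relies on the icon alone (e.g. `budget.exe` with a Word icon); for that, the PE's icon resource would need to be inspected, which this example does not do.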

Upon execution, DownEx opens a decoy Word document and launches an HTML application script. The next stage, retrieving a payload from a command-and-control server, failed in the samples Bitdefender analyzed, but the researchers believe the malware would still be able to establish persistence.

Following execution, DownEx scans local and network devices for a variety of assets, including compressed files, PDFs, pictures, videos, and Word, Excel, and PowerPoint documents. It also searches for QuickBooks log files and encryption keys. Each encrypted zip archive the malware uses to exfiltrate data is just 30 megabytes in size.

The End of the Long-Term Partnership

Kazakhstan had long been an ally of Russia, but relations between the two countries soured after Russia invaded Ukraine in 2022. The Central Asian nation ended a $39 million cooperative telecom security project it had entered into with Russia in 2019.

During a conference of Central Asian presidents, Kazakhstan’s Kassym-Jomart Tokayev likewise declined to have bilateral discussions with Russian President Vladimir Putin and refused to acknowledge the Ukrainian territory Russia claimed to have acquired.