A targeted cyberespionage campaign appears to be infecting the systems of Kazakhstan lawyers and associates of exiled dissidents with spyware. The campaign is allegedly part of an extended and complicated government spying initiative, involving physical threats and surveillance.
Hackers believed to have been hired by Kazakhstan government officials have injected malware into the systems of those in contact with exiled dissidents, according to a report submitted at the Black Hat US 2016 conference in Las Vegas, Reuters reported. An unnamed Indian firm is believed to have been hired by the hackers to target those opposing the Kazakh government as well as Western lawyers. Researchers are slated to make the name of the Indian firm public on 4 August.
Researchers at the EFF (Electronic Frontier Foundation) inspected emails sent to New York-based human rights lawyer Peter Sahlas, exiled Kazakh publishers Irina Petrushova and Alexander Petrushov, and Italian lawyer Astolfo Di Amato. Di Amato is currently involved in a legal dispute with the Kazakh government over an incident in 2013 that saw the wife and child of exiled Kazakh dissident Mukhtar Ablyazov arrested and deported from Italy.
"This is one of the very few campaigns where there is such a direct link between spying and physical danger," said EFF policy analyst Eva Galperin.
"EFF's technical analysis confirmed what I had always suspected," said Sahlas. The lawyer represents Ablyazov's family as well as other dissidents, and recounts spine-chilling incidents of discovering GPS tracking devices, break-ins and strangers turning up with cameras during public meetings.
Based on extensive examination of the domain names, internet addresses and techniques the hackers used to deliver the malware, it is suspected that an Indian company was hired to send out the malware-laced emails. The emails were designed to hoodwink recipients into installing one of two kinds of spyware, both of which are believed to be commercially available. The spyware was also found to be able to track keystrokes and switch on webcams without turning on the indicator light.
"We suspect that the use of malware by governments to spy on political dissidents, especially exiles who live outside of their government's direct sphere of influence, is increasingly common," the research team concluded.