
TLS MITM in Kazakhstan, again #56

Open
@wkrp


On 2020-12-05, the government of Kazakhstan announced an "exercise" and told people they would have to install a root TLS certificate in order to access certain foreign web sites. The next day, users in the capital city of Nur-Sultan reported TLS man-in-the-middle attacks. The situation is very similar to what happened in July of last year.

https://www.gov.kz/memleket/entities/mdai/press/news/details/132113?lang=ru (archive)

On conducting the exercise "Information Security Nur-Sultan - 2020"

The Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan, jointly with the National Security Committee of the Republic of Kazakhstan, announces the upcoming exercise "Cyber Security Nur-Sultan-2020" in the city of Nur-Sultan starting 6 December 2020.

This year, in connection with the pandemic and the transition to remote forms of work, cyberattacks on the country's digital space have become more frequent.

In particular, in 2020 the number of cyberattacks in the Kazakhstani segment of the Internet grew almost 2.7-fold compared with the same period of the previous year.

The National Coordination Center for Information Security and the "Cyber Shield of Kazakhstan" system, the Center for Analysis and Investigation of Cyber Attacks (TSARKA), as well as the forces and resources of the information security operations centers of KVOIKI and of telecommunications operators, and the information security units of state bodies and private companies, will be engaged in defending against cyber threats.

During the cyber exercise, various problems with access to some foreign Internet resources may arise; these can be resolved by installing a security certificate.

For detailed information on installing it, contact the telecommunications operators through their official Internet resources and technical support services.

Catalin Cimpanu has an article with a screenshot of the message displayed to users of the ISP Beeline:

https://www.zdnet.com/article/kazakhstan-government-is-intercepting-https-traffic-in-its-capital/ (archive)

Starting today, December 6, 2020, Kazakh internet service providers (ISPs) such as Beeline, Tele2, and Kcell are redirecting Nur-Sultan-based users to web pages showing instructions on how to install the government's certificate. Earlier this morning, Nur-Sultan residents also received SMS messages informing them of the new rules.


Kazakhstan users have told ZDNet today that they are not able to access sites like Google, Twitter, YouTube, Facebook, Instagram, and Netflix without installing the government's root certificate.

There's discussion and links in a Bugzilla ticket:

https://bugzilla.mozilla.org/show_bug.cgi?id=1680927 (archive)

On 06.12.2020 there will be exercises on "security", and there will be tests with a CA from the government.
https://www.gov.kz/memleket/entities/mdai/press/news/details/132113?lang=ru (archive)
https://www.kcell.kz/ru/product/trust-certificate (archive)
https://www.tele2.kz/support/sertificat (archive)

Cert: https://beeline.kz/binaries/content/assets/cert/information_security_certification_authority_ca_pem.crt (archive)
Test site: https://check.isca.gov.kz/ (archive)

Censored Planet, who thoroughly investigated the MITM in Kazakhstan last year, has started measuring how many vantages in Kazakhstan are showing MITM by the new root certificate. They have also compiled a list of affected domains and found the likely IP addresses of the interception devices. According to my reading of their graph, the MITM was only in effect on 2020-12-06 and stopped happening after that day.

https://censoredplanet.org/kazakhstan/live (archive)

In a repeat of its efforts from July-August 2019, Kazakhstan recently (starting from December 6, 2020) began using a new fake root CA (Information Security Certification Authority CA) to conduct man-in-the-middle (MitM) drills against HTTPS connections to websites including Facebook, Twitter, and Google.

Compared to the previous interception attempt in 2019, we observe through remote measurements that the scale of hosts inside Kazakhstan experiencing the interception has increased from ~7% in 2019 to ~11.5% in 2020. The list of domains targeted is similar to the one in 2019, consisting of Google, Facebook, Twitter, VK and mail.ru domains. Since major browser vendors blocked the use of the Qaznet Root certificate that was used in 2019, a new root CA has been established (ISCA), and the interception system has also seen updates.

Number of Vantages Observing MitM (Out of 7764 measured):


On 2020-12-18, browser vendors added the new MITM certificate to a blocklist to prevent it from being used, even by users who had installed it manually.

https://www.zdnet.com/article/apple-google-microsoft-and-mozilla-ban-kazakhstans-mitm-https-certificate/ (archive)

Browser makers Apple, Google, Microsoft, and Mozilla, have banned today a root certificate that was being used by the Kazakhstan government to intercept and decrypt HTTPS traffic for residents in the country's capital, the city of Nur-Sultan (formerly Astana).

After today's ban, even if users have the certificate installed, browsers like Chrome, Edge, Mozilla, and Safari will refuse to use it, preventing Kazakh officials from intercepting user data.

Today's ban also marks the second time the four browser makers banned a certificate issued by the Kazakh government for man-in-the-middle (MitM) attacks. They blocked a first one in August 2019, a certificate that was used to intercept traffic for various Russian and English-speaking social media sites.
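As an added illustration of the blocklist behaviour described above (this is not code from the issue, from Censored Planet, or from any browser vendor), the Go program below builds a constructed stand-in for the interception root and a leaf signed by it, validates the chain against a trust store that contains the user-installed root, and then rejects it because the root's key is on a blocklist. Keying the blocklist by the SHA-256 of the SubjectPublicKeyInfo is an assumption about how such a ban is implemented; the keys, certificates and hostname are all constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Subject CN of the 2020 interception root as quoted on the page; everything built below is constructed locally, NOT the real ISCA root.
const mitmRootCN = "Information Security Certification Authority CA"

// mkCert signs tpl with signer and returns the parsed certificate (panics on error, fine for an example).
func mkCert(tpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, signer)
	if err != nil { panic(err) }
	c, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return c
}

// buildChain makes a self-signed "MITM root" plus a leaf for host signed by it: the chain an intercepted user sees after installing the root.
func buildChain(host string) (root, leaf *x509.Certificate) {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	nb, na := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	rootTpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: mitmRootCN},
		NotBefore: nb, NotAfter: na, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	root = mkCert(rootTpl, rootTpl, &rootKey.PublicKey, rootKey)
	leafTpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: nb, NotAfter: na, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	leaf = mkCert(leafTpl, root, &leafKey.PublicKey, rootKey)
	return root, leaf
}

// spkiHash identifies a CA by the SHA-256 of its SubjectPublicKeyInfo, so the entry still matches if the same key is re-issued in a new certificate.
func spkiHash(c *x509.Certificate) [32]byte { return sha256.Sum256(c.RawSubjectPublicKeyInfo) }

// verifyWithBlocklist does normal path validation against roots (which may include a user-installed root),
// then rejects any chain that contains a blocklisted CA key, which is why the ban works even for users who installed the cert.
func verifyWithBlocklist(leaf *x509.Certificate, roots *x509.CertPool, host string, blocked map[[32]byte]bool) (bool, string) {
	chains, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	if err != nil { return false, "untrusted: " + err.Error() }
	for _, c := range chains[0] {
		if blocked[spkiHash(c)] { return false, "blocklisted CA in chain: " + c.Subject.CommonName }
	}
	return true, "ok"
}
```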
