In a repeat of its efforts from July-August 2019, Kazakhstan used a new custom root CA (Information Security Certification Authority CA) on December 6, 2020, to conduct man-in-the-middle (MitM) drills against HTTPS connections to websites including Facebook, Twitter, and Google. The interception is no longer active.
Compared to the previous interception attempt in 2019, we observe through remote measurements that the scale of hosts inside Kazakhstan experiencing the interception had increased from ~7% in 2019 to ~11.5% in 2020. The list of domains targeted is similar to the one in 2019, consisting of Google, Facebook, Twitter, VK and mail.ru domains. Since major browser vendors have blocked the use of the Qaznet Root certificate that was used in 2019, a new root CA was established (ISCA), and the interception system had also seen updates.