In April 2026, AhnLab researchers recorded the activity of 15 APT groups targeting the energy, diplomatic, defense, and high-tech sectors. The main vectors were phishing emails, supply chain attacks, and the compromise of network devices.

AhnLab's new ASEC Threat Research report shows a sharp increase in coordinated attacks by advanced APT groups in April 2026. The attackers' focus is cyber espionage and covert sabotage rather than direct financial crime. Among the new techniques is the use of Outlook mailboxes and the Microsoft Graph API as a hidden C2 channel for a Linux backdoor. For companies in Kazakhstan and Central Asia this is a signal: standard antivirus and a basic SOC are no longer sufficient, and comprehensive response scenarios, such as those offered by companies like Alashed IT (it.alashed.kz), are needed.

APT Groups in April 2026: 15 Players and Changing Tactics

The ASEC report for April 2026 records the activity of 15 APT groups, and the researchers stress that these are not cybercriminals working for money but structured groups linked to state interests. Their goals are long-term access to networks, theft of sensitive data, and infrastructure sabotage. The victims include organizations in the security, energy, diplomacy, politics, high-tech, and aerospace sectors.

The key finding of the report is that four attack vectors dominate. First, classic spear-phishing and email social engineering: employees receive carefully crafted emails that mimic internal correspondence or genuine partner requests. Second, supply chain attacks, in which a software or service provider is compromised and the infection is passed on to the real target. Third, the compromise of routers and other network devices, which lets attackers bypass traditional perimeter defenses and build covert control infrastructure. Fourth, the exploitation of vulnerabilities, including zero-click scenarios in which the victim does not need to do anything at all.

ASEC separately notes that cyber espionage and covert sabotage are becoming the norm in relations between states and large corporations. Unlike 'loud' ransomware campaigns, these operations can run for months or years, and they are often detected by accident, during an audit or an infrastructure migration. For businesses this means that an absence of incidents in the logs does not mean an absence of adversaries in the network.

For companies in the region, a multi-layered defense model becomes critical: EDR/XDR on workstations and servers, control of email traffic, monitoring of network anomalies, and proactive threat hunting. Managed cybersecurity companies, including Alashed IT (it.alashed.kz), are actively developing such services and can monitor suspicious activity around the clock and respond quickly to signs of an APT operation.

Linux Backdoor Harvester: Microsoft Graph and Outlook as a Hidden C2

The Linux backdoor Harvester (also referred to as GoGra) deserves special attention in the April report; ASEC researchers highlight it as an example of the qualitative evolution of APT tooling. Harvester is written in Go and is aimed primarily at Linux servers. The novelty is that the attackers use the Microsoft Graph API and Outlook mailboxes as the command-and-control and data transfer channel, disguising malicious traffic as legitimate requests to a cloud service.

In effect, Harvester's C2 communication looks like the normal activity of a corporate application talking to Microsoft 365: Graph requests, mailbox operations, data synchronization. To traditional monitoring this is ordinary business 'noise', so the probability of detection drops sharply. According to ASEC, Harvester lets attackers execute commands, download files, take screenshots, and deploy additional modules for lateral movement inside the network.

Technically, Harvester illustrates a trend: APT groups increasingly hide behind major cloud platforms. Blocking such traffic outright risks shutting down critical business processes, and filtering by domain, for example graph.microsoft.com, is simply not an option for companies that run on Microsoft 365. The focus therefore shifts from classic signature-based protection to behavioral analysis, log correlation, and close examination of anomalies in authorization and application activity in the cloud: which service principal is calling mail endpoints, from which hosts, how often, and with which OAuth permissions.

For IT teams this means rebuilding the monitoring of Linux infrastructure, especially in hybrid setups where data center servers and cloud services are tightly coupled. Companies like Alashed IT (it.alashed.kz) already offer custom SIEM and XDR rules tuned to detect abnormal use of the Graph API, along with audits of service accounts and OAuth applications, which are frequently the entry point for backdoors of this kind.
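Added example (not ASEC's analysis and not Alashed IT's rule set): a Python sketch of the kind of behavioral rule described above, run over a constructed sample of Graph activity records. It does not attempt to match Harvester itself, whose exact request pattern this page does not describe; instead it flags what any mailbox-based C2 over Graph has to do: a non-interactive service principal reading or writing mail endpoints from an unexpected host, with a generic HTTP client, at polling cadence, without being on the list of applications that are supposed to touch mail. The JSON-lines record shape, corporate IP ranges, user-agent list, allowlist, and threshold are all assumptions; real Entra ID sign-in and Graph activity logs use different schemas, so the field mapping would have to be adapted.

```python
"""
Heuristic detection of mail-API use via Microsoft Graph by a service principal,
the kind of rule that can be ported to a SIEM/XDR.  Added example, not code from
the ASEC report or from Alashed IT.  Assumptions: the log format is a constructed
JSON-lines shape (real Entra sign-in and Graph activity logs differ); the IP
ranges, user-agent list, allowlist and threshold are placeholders; the heuristics
target generic mailbox-C2 behaviour, not a Harvester-specific signature.
"""
import ipaddress
import json
from collections import defaultdict

# --- tunables (assumptions; adapt to the tenant) --------------------------------
CORP_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
MAIL_ALLOWLIST = {"app-mailer"}                  # service principals expected to touch mail
GENERIC_UAS = ("go-http-client", "python-requests", "curl/")
POLL_THRESHOLD = 5                               # mail reads per app per mailbox per minute

R_IP = "mail API call from non-corporate IP"
R_UA = "generic HTTP client user-agent"
R_WRITE = "mailbox write by service principal"
R_ALLOW = "service principal not allowlisted for mail"
R_POLL = f"polled one mailbox >= {POLL_THRESHOLD} times in a minute"

# Constructed sample records (not real telemetry), one JSON object per line.
SAMPLE_LOG = """
{"ts":"2026-04-02T08:00:01Z","app_id":"app-hr-sync","ip":"10.20.0.15","ua":"HRSync/2.1","method":"GET","path":"/v1.0/users"}
{"ts":"2026-04-02T08:00:05Z","app_id":"app-mailer","ip":"10.20.0.30","ua":"Mailer/1.0","method":"GET","path":"/v1.0/users/noreply@corp.example/messages"}
{"ts":"2026-04-02T08:03:10Z","app_id":"app-inv-bot","ip":"203.0.113.44","ua":"Go-http-client/1.1","method":"GET","path":"/v1.0/users/ops@corp.example/mailFolders/inbox/messages"}
{"ts":"2026-04-02T08:03:20Z","app_id":"app-inv-bot","ip":"203.0.113.44","ua":"Go-http-client/1.1","method":"GET","path":"/v1.0/users/ops@corp.example/mailFolders/inbox/messages"}
{"ts":"2026-04-02T08:03:30Z","app_id":"app-inv-bot","ip":"203.0.113.44","ua":"Go-http-client/1.1","method":"GET","path":"/v1.0/users/ops@corp.example/mailFolders/inbox/messages"}
{"ts":"2026-04-02T08:03:40Z","app_id":"app-inv-bot","ip":"203.0.113.44","ua":"Go-http-client/1.1","method":"GET","path":"/v1.0/users/ops@corp.example/mailFolders/inbox/messages"}
{"ts":"2026-04-02T08:03:50Z","app_id":"app-inv-bot","ip":"203.0.113.44","ua":"Go-http-client/1.1","method":"GET","path":"/v1.0/users/ops@corp.example/mailFolders/inbox/messages"}
{"ts":"2026-04-02T08:03:55Z","app_id":"app-inv-bot","ip":"203.0.113.44","ua":"Go-http-client/1.1","method":"POST","path":"/v1.0/users/ops@corp.example/messages"}
"""


def parse_log(text):
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def is_mail_call(path):
    """Graph mail endpoints: /users/<x>/messages, /users/<x>/mailFolders/..., /me/messages."""
    return "/messages" in path or "/mailFolders" in path


def mailbox_of(path):
    """/v1.0/users/<mailbox>/... -> <mailbox>; /v1.0/me/... -> 'me'."""
    parts = path.split("/")
    return parts[parts.index("users") + 1] if "users" in parts else "me"


def analyze(records):
    """Return one finding per suspicious mail-API record, with all reasons that fired."""
    findings = []
    polls = defaultdict(int)                     # (app_id, mailbox, minute) -> count
    for r in records:
        if not is_mail_call(r["path"]):
            continue
        reasons = []
        if not any(ipaddress.ip_address(r["ip"]) in net for net in CORP_NETS):
            reasons.append(R_IP)
        if r["ua"].lower().startswith(GENERIC_UAS):
            reasons.append(R_UA)
        if r["method"] in ("POST", "PATCH", "DELETE"):
            reasons.append(R_WRITE)              # drafts/attachments as an exfil channel
        if r["app_id"] not in MAIL_ALLOWLIST:
            reasons.append(R_ALLOW)
        key = (r["app_id"], mailbox_of(r["path"]), r["ts"][:16])   # minute bucket
        polls[key] += 1
        if polls[key] == POLL_THRESHOLD:         # fire once per bucket, not on every hit
            reasons.append(R_POLL)
        if reasons:
            findings.append({"ts": r["ts"], "app_id": r["app_id"], "mailbox": key[1],
                             "ip": r["ip"], "reasons": reasons})
    return findings


def summarize(findings):
    """Distinct reasons per app: the triage view an analyst wants first."""
    out = defaultdict(set)
    for f in findings:
        out[f["app_id"]].update(f["reasons"])
    return {app: sorted(rs) for app, rs in out.items()}


if __name__ == "__main__":
    for f in analyze(parse_log(SAMPLE_LOG)):
        print(f["ts"], f["app_id"], f["mailbox"], f["ip"], "; ".join(f["reasons"]))
```

In the sample, the HR sync app never touches mail and the allowlisted mailer reads its own mailbox from a corporate address, so neither produces a finding; the inventory bot does. In a SIEM this is four correlations over the same telemetry: source IP against the host inventory, user-agent against the application's registered client, request rate per (app, mailbox) pair, and an allowlist of service principals holding Mail.* application permissions. That allowlist is exactly what the OAuth application audit mentioned in the text feeds.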

Destructive Wiper Against Stryker: 200,000 Devices in 79 Countries

In parallel with the surge in espionage APT operations, security experts continue to analyze one of the most destructive incidents of 2026: the wiper attack on the medical company Stryker Corporation in March 2026. According to public reporting, the destructive code disabled more than 200,000 devices in 79 countries, erasing data and rendering systems unusable. Unlike ransomware, a wiper offers no path to recovery: its only purpose is destruction.

The attack showed a new scale of cyber sabotage against the private sector. Stryker, one of the world's largest medical equipment manufacturers, runs a complex global infrastructure, from R&D centers and production lines to logistics and remote servicing of devices in clinics. Disabling systems simultaneously in dozens of countries effectively became a stress test for the resilience of medical supply chains.

According to public incident analysis, the attack was meticulously planned: the attackers first gained access to the infrastructure, performed reconnaissance, identified key network segments, and only then deployed the wiper to maximize damage. This is typical APT tradecraft and differs from 'quick' criminal attacks for ransom. At the time the analytical materials were published, not all affected systems had been fully restored, and the consequences for the company's operations and reputation are estimated at hundreds of millions of dollars.

For businesses this case is critical for two reasons. First, it shows that the targets of destructive attacks are not limited to energy and defense companies: medical equipment manufacturers, pharmaceuticals, logistics, and any high-tech sector are in scope. Second, classic DR/BCP plans written for equipment failure or natural disasters cover poorly the scenario of total infrastructure erasure in dozens of countries at once. This calls for redesigning the backup and segmentation architecture, which consulting teams, including Alashed IT experts, are actively working on.

Cybersecurity and AI: New Trends for Business in 2026

Several events at the beginning of 2026, the ASEC report on 15 APT groups, the wiper attack on Stryker, and the launch of Project Glasswing, form a single picture. On one side, state-sponsored groups are expanding their arsenal: Linux backdoors, hidden C2 channels through cloud services, and sabotage attempts against critical infrastructure and production chains. On the other, defenders are starting to use AI and automation to find vulnerabilities and speed up response, creating tools like Mythos and initiatives like Glasswing.

For businesses this means a paradigm shift. Protection can no longer be limited to buying a 'box' with antivirus and a basic firewall. A systemic approach is required: an inventory of digital assets, continuous configuration audits, Zero Trust implementation, network segmentation, and resilience scenarios for destructive incidents of the kind Stryker experienced. Practice shows that companies that conduct regular red teaming and tabletop exercises simulating APT attacks recover two to three times faster in real incidents.

Another trend of 2026 is the convergence of the offline and online worlds. Attacks on medical device manufacturers, energy companies, and high-tech factories no longer end with data loss: they can halt operations, deliveries, and services. The cost of an hour of downtime for an average industrial enterprise worldwide is estimated at tens of thousands of dollars, and for large international corporations at hundreds of thousands or more.

Against this backdrop, demand for managed cybersecurity services is growing: MDR/XDR, SOC-as-a-Service, cloud infrastructure support, and DevSecOps practices. In the region these functions are increasingly outsourced to companies specializing in 24/7 monitoring, response, and security architecture consulting, including Alashed IT (it.alashed.kz), which adapts global practices to local realities and regulatory requirements.

Anthropic's Project Glasswing: Finding Vulnerabilities in Critical Software

Against the backdrop of increased APT activity and destructive attacks, a countermovement is emerging: major AI companies are starting to invest in protecting critical software. Anthropic announced the Project Glasswing initiative, whose stated aim is to 'ensure the protection of the world's most critical software and give defenders a sustainable advantage in the era of AI cybersecurity.' The key element of the project is the use of the Mythos AI tool to find complex vulnerabilities that have gone undetected for decades in highly secured systems.

As a demonstration of Mythos' capabilities, the Anthropic team reported discovering a 27-year-old vulnerability in OpenBSD, one of the most 'hardened' operating systems, widely used for building firewalls and other critical infrastructure. The vulnerability allowed a remote attacker to crash any OpenBSD machine simply by establishing a network connection. In effect, for decades there existed a way to remotely disable an entire class of devices regarded as the benchmark of reliability.

Project Glasswing shows how AI can radically change the balance of power: classes of bugs that were previously considered 'invisible' because of the complexity of analysis and the need for manual auditing can now be found automatically at the scale of tens of millions of lines of code. For defenders this is a chance to close inherited bugs in network stacks, cryptographic libraries, and authentication systems before APT groups exploit them at scale.

For the corporate sector, working with initiatives of Glasswing's level opens an opportunity to proactively identify weaknesses in their own products and infrastructure. Companies like Alashed IT (it.alashed.kz) can integrate the results of such research into their secure development (SDL) services, code reviews, and bug bounty programs, with a focus on AI-assisted vulnerability detection in closed corporate systems.

What This Means for Kazakhstan

For Kazakhstan and Central Asia the trends described are not abstract global statistics but a direct risk. In recent years the region has been actively digitizing energy, finance, transport, and public services, precisely the sectors ASEC names as key APT targets: security, energy, diplomacy, high-tech. According to public estimates, Kazakhstan's information security market alone already exceeds $100 million a year and continues to grow at double-digit rates, driven largely by regulatory requirements for protecting critical information infrastructure and the financial sector.

Scenarios similar to the wiper attack on Stryker are comparable, in the region, to shutting down a major industrial enterprise or a healthcare system. For Kazakh companies operating in international supply chains, vulnerabilities in OpenBSD and other network infrastructure components mean that an attack can arrive directly or through global partners and contractors. Linux servers and network devices deserve special attention: they are often maintained as an afterthought, yet according to ASEC they are becoming targets for backdoors like Harvester.

In practice, businesses in Kazakhstan and the Central Asian countries must take into account both international standards (ISO 27001, NIST) and local regulations on the protection of critical infrastructure and personal data. This drives demand for local integrators and service companies that understand the local context and can deploy SOC, XDR, and cloud security with the constraints of communication channels, budgets, and staff qualifications in mind. Companies like Alashed IT (it.alashed.kz) act as a bridge between global trends, such as Anthropic's Glasswing initiative, and the real needs of banks, industrial enterprises, and government bodies in Kazakhstan.

The April ASEC report on APT groups, the destructive attack on Stryker, and Anthropic's Project Glasswing show that 2026 is becoming a turning point for cybersecurity. Attackers are moving to complex, long-term operations focused on cyber espionage and sabotage, using cloud services and Linux infrastructure for covert presence. At the same time, defenders are adopting AI vulnerability detection tools and managed response services to narrow the APT groups' 'window of opportunity'. For companies in Kazakhstan and Central Asia the key task today is not to catch up with events but to stay ahead of them by rebuilding their security architecture and drawing on the expertise of specialized players like Alashed IT (it.alashed.kz).

Frequently Asked Questions

What did the April ASEC report on APT groups in 2026 show?

The ASEC report for April 2026 recorded the activity of 15 APT groups focused on cyber espionage and covert sabotage rather than financial crime. The main attack vectors are phishing emails and social engineering, supply chain compromise, compromise of routers and network devices, and exploitation of vulnerabilities, including zero-click ones. The attackers target the security, energy, diplomacy, politics, high-tech, and aerospace sectors. For businesses this is a signal to revisit the threat model and strengthen monitoring of email, networks, and server infrastructure.

What is the danger of the Linux backdoor Harvester and how does it use Microsoft Graph?

Harvester is a Go backdoor for Linux that uses the Microsoft Graph API and Outlook mailboxes as a hidden C2 channel. From the outside its traffic looks like the legitimate activity of a corporate application working with Microsoft 365, which makes detection by traditional means difficult. With it, an attacker can execute commands, download data, and deploy additional modules inside the network. Defending against it requires behavioral analysis, strict control of service accounts, and dedicated SIEM/XDR rules, which providers like Alashed IT can configure.

What conclusions should businesses draw from the wiper attack on Stryker in 2026?

The attack on Stryker in March 2026 destroyed more than 200,000 devices in 79 countries and showed that a wiper incident can paralyze a global infrastructure. Unlike ransomware, a wiper offers no recovery for a ransom; its purpose is the complete destruction of data and systems. Businesses need a backup and segmentation architecture designed for the simultaneous failure of thousands of systems, not just local outages. That includes isolated (offline or immutable) backups, regular recovery testing, and BCP/DR plans adapted to cyber sabotage scenarios.
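As an added example, not code from this page, from Stryker, or from Alashed IT, the following Python script automates the "regular recovery testing" part of that answer, and the backup architecture rebuild called for in the Stryker section above: it builds a SHA-256 manifest of a backup set at backup time, which in a real deployment is kept on isolated storage that the backup host cannot modify, and later checks a restored copy against it, reporting the files a wiper or a tampered backup would leave missing, altered, or unexpected. The directory layout, file names, and manifest format are assumptions; the drill runs in a temporary directory with constructed files.

```python
"""
Recovery drill: verify a restored backup against a SHA-256 manifest kept on
isolated storage.  Added example; paths, file contents and the manifest format
are assumptions, not any real backup product's format.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file so large backup objects do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Relative POSIX path -> sha256 for every regular file under root.
    Taken at backup time and written to storage the backup host cannot modify."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(restored: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare a restored tree with the manifest.  A wiper leaves files missing or
    overwritten; a backup tampered with before the attack shows up as altered or
    unexpected content.  All three lists must be empty for the restore to pass."""
    actual = build_manifest(restored)
    return {
        "missing": sorted(set(manifest) - set(actual)),
        "altered": sorted(p for p in manifest if p in actual and actual[p] != manifest[p]),
        "unexpected": sorted(set(actual) - set(manifest)),
    }


def restore_drill(damage: bool) -> dict[str, list[str]]:
    """Run the full cycle on constructed data: snapshot, manifest, restore,
    optionally simulate wiper damage, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        prod = Path(tmp, "prod")
        (prod / "data").mkdir(parents=True)
        (prod / "config.yaml").write_text("db_host: db01\n")              # constructed
        (prod / "data" / "orders.csv").write_text("id,amount\n1,100\n")  # constructed
        manifest = build_manifest(prod)              # would go to isolated storage
        restored = Path(tmp, "restored")
        shutil.copytree(prod, restored)              # stands in for the restore job
        if damage:
            (restored / "data" / "orders.csv").unlink()                     # wiped
            (restored / "config.yaml").write_text("db_host: attacker\n")    # tampered
            (restored / "data" / "implant.so").write_bytes(b"\x7fELF")      # unexpected
        return verify_restore(restored, manifest)


if __name__ == "__main__":
    print("clean restore:  ", restore_drill(damage=False))
    print("damaged restore:", restore_drill(damage=True))
```

The design point is that the manifest and the backup must not share a trust boundary: if the manifest lives next to the backup, whoever can erase one can rewrite the other, and the drill proves nothing. Scheduling this against a real restore into an isolated network segment is what turns "we have backups" into tested recovery.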

How do Project Glasswing and Mythos from Anthropic change software protection?

Anthropic's Project Glasswing uses the Mythos AI tool to find complex vulnerabilities in critical software and has already helped discover a 27-year-old bug in OpenBSD. Such systems can analyze tens of millions of lines of code and find errors that audits have overlooked for decades. For companies this is a chance to close inherited vulnerabilities in network and system components before APT groups exploit them widely. Integrating Glasswing results into secure development and code review processes can reduce the risk of critical incidents by double-digit percentages.

How should companies in Kazakhstan and Central Asia prepare for new APT threats?

Companies in Kazakhstan and Central Asia should start with an asset inventory, deployment of EDR/XDR and centralized logging, network segmentation, and a Zero Trust approach. In practice, standing up a SOC or an MDR service takes two to four months, including a pilot, tuning of correlation rules, and staff training. Linux servers, email infrastructure, and network devices deserve particular attention, as they are increasingly the entry point for APTs. The optimal path is to engage managed cybersecurity services from players like Alashed IT (it.alashed.kz), which lowers TCO and brings protection online several times faster.

Photo: Aaron McLean / Unsplash