Reported HTTPS MITM in Kazakhstan, February 2024 #339

Open
wkrp opened this issue Mar 6, 2024 · 0 comments

wkrp commented Mar 6, 2024

An issue was opened at the Mozilla Bugzilla on 2024-02-07 that reports an HTTPS MITM in Kazakhstan. It seems similar to past TLS MITM in Kazakhstan that we have discussed in #6 (2019), #56 (2020), #66.

Bug 1879046: Add New Kazakhstan Root Certificate to OneCRL

> Another MITM attempt by the KZ government.
> When I visit https://m.reactor.cc/, the real certificate is replaced with the one that I attached.

The certificates attached to the report have this period of validity:

Validity
    Not Before: Jan  4 02:30:22 2024 GMT
    Not After : Apr  3 02:30:21 2024 GMT

According to a comment in the issue, the CA certificate is https://crt.sh/?id=12281942153. I'm not sure where that comes from. It doesn't seem to match the RSA certificates at https://pki.gov.kz/cert/ (archive).

I found bug 1879046 through a meta-bug to track Kazakhstan interception certificates. The meta-bug has a history of how such certificates have been dealt with in Firefox.

| Bug | Dates | Discussion |
| --- | --- | --- |
| 1229827 | 2016 | https://groups.google.com/g/mozilla.dev.security.policy/c/wnuKAhACo3E |
| 1567114 | 2019-07-17–2019-07-26, 2019-07-30–2019-08-07 | #6, #66 |
| 1680927, 1680922 (dup), 1680945 (dup) | 2020-12-06 | #56, #66, https://censoredplanet.org/kazakhstan/live |
| 1879046 | 2024-02-07 | This thread |

wkrp added the Kazakhstan label Mar 6, 2024