Seqrite Labs has uncovered a new threat group called Noisy Bear targeting Kazakhstan’s oil and gas sector since April 2025 using spear-phishing, PowerShell loaders, and DLL implants. The attack involves sophisticated social engineering and malware techniques, with strong indications of Russian origins.
Key points
- Noisy Bear is a threat actor that has been targeting Kazakhstan’s energy sector since April 2025.
- The group uses spear-phishing emails with decoy documents mimicking internal KazMunaiGas communications.
- The attack chain involves PowerShell loaders, AMSI bypass techniques, and DLL hijacking to establish reverse shells.
- The infrastructure is hosted through sanctioned Russian providers and linked to Russian-speaking cyber activity.
- Seqrite’s analysis suggests the threat group has possible Russian origins based on tooling and infrastructure overlaps.
Read More: https://securityonline.info/noisy-bear-a-new-apt-group-is-spying-on-kazakhstans-energy-sector/