A threat group possibly from Russia, called Noisy Bear, has been targeting Kazakhstan’s energy sector through sophisticated phishing and malware campaigns. They use fake documents, malicious payloads, and cloud infrastructure to infiltrate and control target systems, with related activities also affecting Russia and Ukraine. #Operation BarrelFire #NoisyBear #KazMunaiGas
Keypoints
- A threat group named Noisy Bear is targeting Kazakhstan’s energy sector with cyberattacks.
- The attacks involve phishing emails with ZIP attachments containing malicious shortcuts and decoy documents.
- The malware chain includes dropping DLL implants, PowerShell loaders, and reverse shells for remote access.
- The threat infrastructure is hosted on a Russia-based BPH service provider, Aeza Group, sanctioned by the U.S.
- Other campaigns include Russian extortion activities and Android malware impersonating Russian security agencies.
Read More: https://thehackernews.com/2025/09/noisy-bear-targets-kazakhstan-energy.html