Noisy Bear Hackers Reportedly Attacked KazMunayGas
Photo: Elements.envato.com, ill. purposes
An unknown hacker group, calling itself Noisy Bear, has attacked the digital infrastructure of the national company KazMunayGas. The attackers used phishing emails disguised as corporate newsletters to gain access to important internal information, Orda.kz reports.
Specialized foreign media, including Malware News and Cyber Security News, have reported on the new cyber threat. According to their information, Noisy Bear has been active since April, targeting energy and oil and gas companies in Central Asia, with KazMunayGas as its main focus.
The campaign is targeted towards employees of KazMunayGas or KMG where the threat entity delivered a fake document related to KMG IT department, mimicking official internal communication and leveraging themes such as policy updates, internal certification procedures, and salary adjustments, writes Malware News.
The hackers used phishing emails with ZIP attachments that contained an installer launching a malicious script.
Victims’ computers were infected with malware written in PowerShell, which allows attackers to bypass traditional antivirus protection. The first attacks were recorded in April, and in May, mass distribution of the infected file began, sent to KazMunayGas employees under the guise of a payroll schedule.
According to Malware News, the phishing email used the KazMunayGas logo and included detailed instructions in Kazakh and Russian on how to download and open the malicious file. To appear legitimate, the text referenced the company’s IT department.
But opening the link redirected users to a foreign server, which then downloaded the file onto the victim’s computer and launched the malicious script.

Based on the server IP address cited by analysts, it was located in Moscow. Comments in the script description were written in Russian.
In the analyzed files, experts found references to Aeza Group LLC, a Russian hosting company sanctioned by the United States in the summer of 2025.
Analysts conclude that the attack was most likely carried out by Russian hackers.
In our ongoing tracking of Noisy Bear, we have a lot of artefacts, such as languages present inside the tooling, usage of sanctioned web-hosting services and similar behavioral artefacts with related to Russian threat entities which have previously targeted similar Central Asian nations, we attribute the threat actor possibly could be of Russian origin, Malware News reported.
Cyber Security News notes that the attack methodology demonstrates a high level of social engineering. The hackers knew exactly whom to target and how to “package” the malicious content to infect as many devices as possible.
Orda.kz will request comments from KazMunayGas and the Ministry of Digital Development to clarify the damage caused by the attack and whether its consequences have been eliminated.
This is not the first reported incident involving Russian hackers in 2025. In January, it became known that attackers, allegedly linked to the Kremlin, organized a campaign to collect strategically important information in Central Asian countries, including Kazakhstan.
Later, in March, hackers attacked the website of the Kazakh embassy in Russia.
Original Author: Nikita Drobny
Latest news
- Qatari-Kazakh Gas Pipeline Project Gets Another $500 Million
- Russian City May Name Square After Tokayev’s Father
- Kazakhstanis Will Not Face New Loan Restrictions
- Dead Seals Found Near Aktau May Have Come From Iran, Officials Say
- Sri Lankan Family Caught Trying to Fly to Kazakhstan on False Passports
- AIFC Court Cancels Order Allowing Naftogaz to Recover Gazprom Debt
- Russia Completely Bans Diesel Exports: What Does It Mean for Kazakhstan?
- Ukranian Drone Reportedly Hits Tanker Linked to Kazakh Oil Exports
- Children’s National Fund Payouts Mostly Go to Housing
- Officials Explain Disruptions on Public Procurement Portal
- Kazakhstanis May Be Allowed to Use Pension Savings for Housing and Education
- Miners, DeFi and Digital Bonds: Kazakhstan Prepares New Crypto Rules
- 100 Exploration Sites to Be Auctioned Under New Investor Rule
- Illegal Mining Scheme Cost State Over 2 Billion Tenge
- KTZ Head Leaves After One Year in Office
- Two Key Officials Keep Posts Under Kazakhstan’s New Constitution
- Court Orders Almaty Officials to Disclose Information on Kok-Zhailyau Road Project
- Euronews to Launch Broadcasting in Kazakh
- Russian-Chinese Gas Pipeline Could Help Gasify Kazakhstan’s Northeast
- Kazakhstan Sees No Fuel Risk After Omsk Refinery Strike