Russian hackers carried out a large-scale attack on Kazakhstan’s energy sector, according to The Hacker News.
Cybersecurity researchers say the campaign, called Operation BarrelFire, is linked to the Noisy Bear group, which has been active since at least April 2025.
The main target of the attackers was KazMunayGas.
"The campaign is targeted towards employees of KazMunaiGas or KMG where the threat entity delivered a fake document related to the KMG IT department, mimicking official internal communication and leveraging themes such as policy updates, internal certification procedures, and salary adjustments," security researcher Subhajeet Singha said.
Inside the archive were a Windows shortcut (LNK), a fake document, and a README.txt file with instructions in Russian and Kazakh. Once executed, the malware paved the way for installing additional components, including PowerShell scripts and DLL implants, which allowed the attackers to access systems and establish reverse connections.
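For defenders, the archive layout described above (a shortcut, a decoy document and a README) can be checked at the mail gateway. The following is an added example, not code from the researchers or the original report; it assumes the attachment is an unencrypted ZIP, and the function names, decoy extension list and sample files are constructed for illustration.

```python
import io
import zipfile

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
DECOY_EXT = (".doc", ".docx", ".pdf", ".rtf", ".xls", ".xlsx")  # assumed list

def triage_archive(data: bytes) -> dict:
    """Classify a ZIP attachment (the ZIP container is an assumption)."""
    shortcuts, decoys, readmes = [], [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name, lower = info.filename, info.filename.lower()
            head = b""
            if not info.flag_bits & 0x1:  # skip content read if encrypted
                with zf.open(info) as fh:
                    head = fh.read(len(LNK_MAGIC))
            # Match on content too, so a renamed shortcut is still caught.
            if head == LNK_MAGIC or lower.endswith(".lnk"):
                shortcuts.append(name)
            elif lower.endswith(DECOY_EXT):
                decoys.append(name)
            elif lower.rsplit("/", 1)[-1].startswith("readme"):
                readmes.append(name)
    if shortcuts and decoys and readmes:
        verdict = "quarantine"  # same layout as the archive described above
    elif shortcuts:
        verdict = "review"      # shortcut inside an archive: analyst review
    else:
        verdict = "pass"
    return {"verdict": verdict, "shortcuts": shortcuts,
            "decoys": decoys, "readmes": readmes}

def build_sample(members: dict) -> bytes:
    """Build an in-memory ZIP from constructed members for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples, not files from the campaign.
SUSPICIOUS = build_sample({"sample_shortcut.lnk": LNK_MAGIC + bytes(56),
                           "sample_policy.docx": b"decoy", "README.txt": b"x"})
RENAMED = build_sample({"notes.dat": LNK_MAGIC + bytes(56)})
BENIGN = build_sample({"report.docx": b"text", "README.txt": b"x"})

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("renamed", RENAMED), ("benign", BENIGN)):
        print(label, triage_archive(blob))
```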
Experts noted that the attack infrastructure was hosted on servers of the Russian provider Aeza Group, which was added to the U.S. sanctions list in July 2025 for supporting cybercriminal activity.
Specialists link these actions to the increasing activity of Russian and Belarusian cybergroups, which since spring 2025 have been conducting targeted attacks on energy and industrial enterprises in the region.