Operation BarrelFire: NoisyBear targets entities linked to Kazakhstan’s Oil & Gas Sector.
ID: db6393ea-c7a4-5481-8fc1-70c7751bf199
STIX ID: report--db6393ea-c7a4-5481-8fc1-70c7751bf199
Feed Name: Seqrite Blog
Seqrite Labs analyzed a multi-stage spear-phishing campaign (tracked as Noisy Bear / Operation BarrelFire) targeting KazMunaiGas employees. The campaign used malicious ZIPs with LNK downloaders, batch scripts, PowerShell "DOWNSHELL" loaders (including AMSI bypass and dynamic API resolution), Meterpreter shellcode and a 64-bit DLL implant with process injection. The report includes IOCs, infrastructure analysis, and MITRE ATT&CK mappings. Seqrite and the document note these artifacts were ultimately generated as part of KMG's internal phishing simulation rather than an observed external breach.
