Kazakhstan’s state-owned oil and gas company, KazMunayGas (KMG), has dismissed reports by Indian cybersecurity firm Seqrite Labs that it was targeted by a new Russia-linked hacking group dubbed NoisyBear.
In research published last week, Seqrite claimed that NoisyBear had been active since April 2025, focusing on Central Asia’s energy sector.
According to the firm, the group compromised the mailbox of a KMG finance employee in May and used it to send phishing emails disguised as salary updates, corporate policies, and IT department notices. These phishing lures carried malicious archive files designed to deploy additional payloads.
Seqrite attributed the activity to Russian operators, pointing to the attackers’ use of the Russian language, infrastructure hosted by Aeza Group—a provider sanctioned by the U.S. Treasury in July for allegedly supporting ransomware and illicit markets—and overlaps with earlier Moscow-linked campaigns.
But KMG disputes that narrative. Speaking to local outlet Orda, the company said the alleged breach was actually a scheduled phishing simulation.
“In May 2025, KMG organized and carried out a planned internal exercise to test, assess, and improve employees’ awareness of information security,” the company stated.
The company added that some employees had been informed in advance and that the results were used to strengthen staff awareness through targeted recommendations.
Evidence within Seqrite’s own report appears to support KMG’s version of events. Screenshots of phishing emails included in the analysis showed messages sent to addresses like test@kmg[.]kz, which cybersecurity expert Oleg Shakirov flagged as a strong indicator of controlled testing rather than a genuine compromise.
This isn’t the first time external threat intelligence claims have clashed with a company’s official account. Earlier this year, Snowflake publicly rejected assertions by Hudson Rock that its systems were breached in a high-profile campaign linked to Ticketmaster and Santander Bank, instead attributing the issue to a former employee’s demo environment.
Source: Record Media
About Author
