Names | YoroTrooper (Talos) | |
Country | Kazakhstan | |
Motivation | Information theft and espionage | |
First seen | 2022 | |
Description | (Talos) Cisco Talos has identified a new threat actor, which we are naming “YoroTrooper,” that has been running several successful espionage campaigns since at least June 2022. YoroTrooper’s main targets are government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth of Independent States (CIS), based on our analysis. We also observed YoroTrooper compromise accounts from at least two international organizations: a critical European Union (EU) health care agency and the World Intellectual Property Organization (WIPO). Successful compromises also included Embassies of European countries including Azerbaijan and Turkmenistan. We assess the actor also likely targets other organizations across Europe and Turkish (Türkiye) government agencies. Information stolen from successful compromises includes credentials from multiple applications, browser histories & cookies, system information and screenshots. | |
Observed | Sectors: Energy, Government. Countries: Azerbaijan, Kyrgyzstan, Tajikistan, Turkey, Turkmenistan and Europe. | |
Tools used | Loda, Meterpreter, Stink, Warzone RAT. | |
Information | <https://blog.talosintelligence.com/yorotrooper-espionage-campaign-cis-turkey-europe/> <https://blog.talosintelligence.com/attributing-yorotrooper/> |
Last change to this card: 29 November 2023