ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > YoroTrooper

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: YoroTrooper

NamesYoroTrooper (Talos)
CountryKazakhstan Kazakhstan
MotivationInformation theft and espionage
First seen2022
Description(Talos) Cisco Talos has identified a new threat actor, which we are naming “YoroTrooper,” that has been running several successful espionage campaigns since at least June 2022.

YoroTrooper’s main targets are government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth of Independent States (CIS), based on our analysis. We also observed YoroTrooper compromise accounts from at least two international organizations: a critical European Union (EU) health care agency and the World Intellectual Property Organization (WIPO). Successful compromises also included Embassies of European countries including Azerbaijan and Turkmenistan. We assess the actor also likely targets other organizations across Europe and Turkish (Türkiye) government agencies.

Information stolen from successful compromises include credentials from multiple applications, browser histories & cookies, system information and screenshots.
ObservedSectors: Energy, Government.
Countries: Azerbaijan, Kyrgyzstan, Tajikistan, Turkey, Turkmenistan and Europe.
Tools usedLoda, Meterpreter, Stink, Warzone RAT.
Information<https://blog.talosintelligence.com/yorotrooper-espionage-campaign-cis-turkey-europe/>
<https://blog.talosintelligence.com/attributing-yorotrooper/>

Last change to this card: 29 November 2023

Download this actor card in PDF or JSON format

Previous: xHunt
Next: ZooPark

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]