The YoroTrooper group claims to be from Azerbaijan and even routes its phishing traffic through the former Soviet republic.
Dark Reading Staff
October 25, 2023
A Kazakhstan-based attack group with a penchant for phishing is doing its dirty work in an Azerbaijani disguise.
YoroTrooper was first detected in June 2022 and typically targets government entities in former Soviet republics, including Russia, Armenia, Belarus, and Moldova, as well as Azerbaijan.
But given YoroTrooper's language preferences, its use of Kazakhstani currency, and very limited targeting of Kazakhstani entities, researchers from Cisco Talos have concluded that the group is from Kazakhstan.
Researchers also determined "with high confidence" that YoroTrooper made numerous efforts to disguise its origin by hosting the majority of its infrastructure in Azerbaijan, while still targeting institutions in that country.
Most of YoroTrooper's operations are routed via Azerbaijan, although the attackers do not appear to speak the Azerbaijani language.
"Our primary observation that points toward the actor being of Kazakh origin is that they speak Kazakh and Russian, both of which are official languages of Kazakhstan," researchers said. "YoroTrooper frequently visits websites written in Kazakh and has used Russian in debugging and logging messages in their custom Python Remote Access Trojans."
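The language artifacts Talos describes (Russian debugging and logging strings inside custom Python RATs) are the kind of evidence an analyst can pull out of a sample with a string scan. The following is an added example, written for this article and not code from Dark Reading or from Cisco Talos: it extracts Cyrillic string runs from a binary blob and flags those containing letters that exist in Kazakh Cyrillic orthography but not in Russian. The sample blob, the letter set, and the function names are all constructed assumptions for illustration; real samples may also store strings as UTF-16 or in compressed PyInstaller archives, which this scan does not handle.

```python
import re
from collections import Counter

# Cyrillic letters used in Kazakh but absent from the Russian alphabet.
# Constructed reference set (assumption for this example, not from the article).
KAZAKH_ONLY = set("әғқңөұүһі")

# A run of Cyrillic text: one Cyrillic letter followed by at least three
# characters that are Cyrillic, whitespace, digits, or common punctuation.
CYRILLIC_RUN = re.compile(r"[\u0400-\u04FF][\u0400-\u04FF\s.,:!?\-0-9]{3,}")

# Constructed stand-in for a dumped sample: binary junk around UTF-8 strings.
# These messages are made up for the example, not taken from YoroTrooper.
SAMPLE_BLOB = (
    b"\x7fELF...\x00"
    + "Ошибка подключения к серверу".encode("utf-8") + b"\x00"
    + "Файл отправлен".encode("utf-8") + b"\x00"
    + "Қате: файл табылмады".encode("utf-8") + b"\x00"
    + b"GET /upload HTTP/1.1\x00"
)


def extract_cyrillic_strings(blob: bytes) -> list[str]:
    """Return Cyrillic text runs found in a byte blob (UTF-8 assumed)."""
    # Invalid bytes are dropped so binary padding never breaks the decode;
    # NUL separators survive and are not matched by the pattern, so they
    # naturally delimit one string from the next.
    text = blob.decode("utf-8", errors="ignore")
    return [m.group(0).strip() for m in CYRILLIC_RUN.finditer(text)]


def classify(s: str) -> str:
    """Label a Cyrillic string as 'kazakh' if it uses Kazakh-only letters,
    otherwise 'russian_or_shared' (letters common to both alphabets)."""
    if any(ch.lower() in KAZAKH_ONLY for ch in s):
        return "kazakh"
    return "russian_or_shared"


def language_profile(blob: bytes) -> Counter:
    """Count Cyrillic strings in a blob by language label."""
    return Counter(classify(s) for s in extract_cyrillic_strings(blob))


if __name__ == "__main__":
    for s in extract_cyrillic_strings(SAMPLE_BLOB):
        print(f"{classify(s):18s} {s}")
    print(dict(language_profile(SAMPLE_BLOB)))
```

A profile dominated by plain Russian strings says little on its own, since Russian is shared across the region; what the researchers treat as a signal is the combination of this with Kazakh-language browsing and Kazakhstani currency use, so a scan like this is one input to attribution, not a verdict.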