Kazakh Attackers, Disguised as Azerbaijanis, Hit Former Soviet States

  /     /     /  
Publicated : 23/11/2024   Category : security


Kazakh Attackers, Disguised as Azerbaijanis, Hit Former Soviet States


The YoroTrooper group claims to be from Azerbaijan and even routes its phishing traffic through the former Soviet republic.



A Kazakhstan attack group with a penchant for sending phishing messages is doing its dirty work in an Azerbaijani disguise.
YoroTrooper was 
first detected
in June 2022 and often targets former Soviet republics, including Russia, Armenia, Belarus, and Moldova, as well as Azerbaijan, and typically targets government entities.
But given YoroTroopers language preferences, its use of Kazakhstani currency, and very limited targeting of Kazakhstani entities,
researchers from Cisco Talos
have concluded that the group is from Kazakhstan.
Researchers also determined with high confidence that YoroTrooper made numerous efforts to disguise its origin by hosting a majority of their infrastructure in
Azerbaijan
, while still targeting institutions in that country.
Most of YoroTroopers operations are routed via Azerbaijan, although the attackers do not appear to speak the Azerbaijani language.
Our primary observation that points toward the actor being of Kazakh origin is that they speak Kazakh and Russian, both of which are official languages of Kazakhstan, researchers said. YoroTrooper frequently visits websites written in Kazakh and has used Russian in debugging and logging messages in their custom Python Remote Access Trojans.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Kazakh Attackers, Disguised as Azerbaijanis, Hit Former Soviet States