Skip to content

YoroTrooper cyberspies target CIS energy orgs, EU embassies

Table of Contents

A new threat actor named 'YoroTrooper' has been running cyber-espionage campaigns since at least June 2022, targeting government and energy organizations in Commonwealth of Independent States (CIS) countries.
According to Cisco Talos, the threat actor has compromised accounts of a critical European Union agency engaged in healthcare, the World Intellectual Property Organization (WIPO), and various European embassies.
YoroTrooper's tools include a combination of commodity and custom information stealers, remote access trojans, and Python-based malware. The infection happens via phishing emails containing malicious LNK attachments and decoy PDF documents.
Cisco Talos reports having evidence of YoroTrooper exfiltrating large volumes of data from infected endpoints, including account credentials, cookies, and browsing histories.
While YoroTrooper uses malware associated with other threat actors, such as PoetRAT and LodaRAT, Cisco's analysts have enough indications to believe this is a new cluster of activity.
YoroTrooper is of unknown origin, and its sponsors or affiliations remain murky.
However, the espionage threat group's use of custom malware tools indicates they are skillful and knowledgeable threat actors.
YoroTrooper cyberspies target CIS energy orgs, EU embassies
A new threat actor named ‘YoroTrooper’ has been running cyber-espionage campaigns since at least June 2022, targeting government and energy organizations in Commonwealth of Independent States (CIS) countries.
Full article can be read here

#APT #Campaign #IoCs

Latest

2024-117: Zero-Day Vulnerabilities in Palo Alto Networks PAN-OS

2024-117: Zero-Day Vulnerabilities in Palo Alto Networks PAN-OS

Palo Alto Networks released security updates for two actively exploited zero-day vulnerabilities in Palo Alto Networks PAN-OS. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to gain administrator privileges, or a PAN-OS administrator to perform actions on the firewall with root privileges. It recommended applying the updates and

Members Public