Suspected Kazakhstan-based threat operation YoroTrooper launched a widespread cyberespionage campaign against government organizations and officials across Central Asia between May and August, reports The Record, a news site by cybersecurity firm Recorded Future.
Azerbaijan, Kyrgyzstan, Tajikistan, and Uzbekistan had several of their government-owned websites and government officials' accounts targeted by YoroTrooper in attacks that involved data and credential exfiltration through custom malware mostly deployed through phishing operations, according to a Cisco Talos report.
Such intrusions, which were made to appear to originate from Azerbaijan through the use of VPN services, have infrastructure supported by cryptocurrency, noted researchers, who added that YoroTrooper has also been scanning the Kazakhstani state-owned email service mail[.]kz and other open-source data to determine potential vulnerabilities in its targets' infrastructure.
"YoroTrooper's targeting of government entities in these countries may indicate the operators are motivated by Kazakh state interests or working under the direction of the Kazakh government," said researchers.
Ukraine has been targeted by Russian threat actors in the new Operation Texonto disinformation campaign that also involved spear-phishing and credential exfiltration tactics, according to The Hacker News.
Record-high ransomware and data extortion incidents experienced by Western nations last year have prompted former National Security Agency Director Michael Rogers to call for a reevaluation of their cybersecurity defense strategy.