Date: 2023-10-26

Threat Intelligence

Central Asian governments subjected to YoroTrooper attacks

Suspected Kazakhstan-based threat operation YoroTrooper launched a widespread cyberespionage campaign against government organizations and officials across Central Asia between May and August, reports The Record, a news site by cybersecurity firm Recorded Future. Azerbaijan, Kyrgyzstan, Tajikistan, and Uzbekistan had several of their government-owned websites and government officials' accounts targeted by YoroTrooper in attacks that involved data and credential exfiltration through custom malware, mostly deployed through phishing operations, according to a Cisco Talos report. Such intrusions, which were made to appear to originate from Azerbaijan through the use of VPN services, relied on infrastructure supported by cryptocurrency, noted researchers, who added that YoroTrooper has also been scanning the Kazakhstani state-owned email service mail[.]kz and other open source data to determine potential vulnerabilities in its targets' infrastructure. "YoroTrooper's targeting of government entities in these countries may indicate the operators are motivated by Kazakh state interests or working under the direction of the Kazakh government," said researchers.

