YoroTrooper cyberspies target CIS energy orgs, EU embassies
2023-03-14 14:56

A new threat actor named 'YoroTrooper' has been running cyber-espionage campaigns since at least June 2022, targeting government and energy organizations in Commonwealth of Independent States (CIS) countries.

Cisco Talos reports having evidence of YoroTrooper exfiltrating large volumes of data from infected endpoints, including account credentials, cookies, and browsing histories.

While YoroTrooper uses malware associated with other threat actors, such as PoetRAT and LodaRAT, Cisco's analysts have enough indications to believe this is a new cluster of activity.

In the summer of 2022, YoroTrooper targeted Belarusian entities using corrupt PDF files sent from email domains masquerading as Belarusian or Russian entities.

In January 2023, YoroTrooper employed a Python-based stealer script to extract account credentials stored in Chrome web browsers and exfiltrate them via a Telegram bot.

YoroTrooper has used Python-based reverse shells and a C-based keylogger deployed on limited occasions.


News URL

https://www.bleepingcomputer.com/news/security/yorotrooper-cyberspies-target-cis-energy-orgs-eu-embassies/