The Cyberthreat Is Within the Commonwealth
The Diplomat

Is Kazakhstan home to a team of hackers targeting Commonwealth of Independent States countries and attempting to disguise themselves as Azerbaijani?

Earlier in 2023, Cisco Talos identified a new threat actor that was targeting government, energy, and international organizations largely in the former Soviet Union, with cyberespionage campaigns employing a range of malware tools. In March, Cisco Talos reported that “YoroTrooper successfully obtained access to credentials of at least one account from a critical EU health care agency’s internet-exposed system and another from the World Intellectual Property Organization.” The group also compromised “embassies belonging to Turkmenistan and Azerbaijan, where the operators attempted to exfiltrate documents of interest and deploy additional malware.”

In October, Cisco Talos issued an updated report, suggesting that while attempting to masquerade as Azerbaijani, the hacker group may actually be based in Kazakhstan. “We observed that most of YoroTrooper’s operations are routed via Azerbaijan, though notably, the threat actor does not appear to speak the Azerbaijani language,” Cisco Talos’ researchers noted in the report.

Cisco Talos reported that “YoroTrooper has a special defensive interest in repeatedly evaluating the security posture of the website of the Kazakhstani state-owned email service, mailkz.” Furthermore, the only Kazakh entity targeted by the hackers appears to have been the country’s Anti-Corruption Agency.