Yorotrooper is a sophisticated espionage campaign that has been active since at least 2018, targeting organizations in Europe and Turkey. This campaign has been attributed to a threat actor group called APT27, which is believed to be associated with the Chinese government. The goal of Yorotrooper is to collect sensitive information from a range of industries, including government, military, and energy.

APT27’s tactics include using spear-phishing emails to deliver malware and exploiting vulnerabilities in software to gain access to victims’ networks. The malware used in Yorotrooper is highly customized, making it difficult to detect and analyze. Once installed on a victim’s computer, the malware can steal data, log keystrokes, take screenshots, and even use a victim’s webcam and microphone to record audio and video.

One notable aspect of Yorotrooper is its use of a legitimate remote access tool called QuasarRAT. This tool is widely available online and has been repurposed by APT27 to remotely control compromised systems. This technique allows the threat actors to avoid detection and operate within victim networks for long periods of time.

The targets of Yorotrooper include government agencies, military organizations, academic institutions, and companies involved in the energy sector. The campaign has focused primarily on Turkey and Europe, but some targets in Africa and the Middle East have also been identified. The motivation behind the campaign is unclear, but it is believed to be part of China’s broader efforts to gather intelligence and advance its strategic interests.

To defend against Yorotrooper and other advanced persistent threats, organizations should take steps to improve their cybersecurity posture. This includes implementing strong access controls, regularly patching vulnerabilities, and training employees to recognize and avoid phishing emails. It’s also important to use advanced threat detection tools to monitor networks for suspicious activity and respond quickly to any incidents that are detected.

In conclusion, Yorotrooper is a highly sophisticated espionage campaign that has been active since at least 2018. It is believed to be associated with the Chinese government and has targeted a range of organizations in Europe and Turkey. The campaign uses spear-phishing emails, exploits software vulnerabilities, and deploys highly customized malware to steal sensitive data. To protect against Yorotrooper and other advanced persistent threats, organizations should adopt a comprehensive approach to cybersecurity that includes strong access controls, regular patching, employee training, and advanced threat detection.

MALICIOUS SUBDOMAIN | LEGITIMATE DOMAIN | ENTITY
mail[.]mfa[.]gov[.]kg[.]openingfile[.]net | mfa[.]gov[.]kg | Kyrgyzstan’s Ministry of Foreign Affairs
akipress[.]news | akipress[.]com | AKI Press News Agency (Kyrgyzstan-based)
maileecommission[.]inro[.]link | commission[.]europa[.]eu | European Commission’s email
sts[.]mfa[.]gov[.]tr[.]mypolicy[.]top | mfa[.]gov[.]tr | Turkey’s Ministry of Foreign Affairs
industry[.]tj[.]mypolicy[.]top | industry[.]tj | Tajikistan’s Ministry of Industry and New Technologies
mail[.]mfa[.]az-link[.]email | mail[.]mfa[.]az | Azerbaijan’s Ministry of Foreign Affairs
belaes[.]by[.]authentication[.]becloud[.]cc | belaes[.]by | Belarusian Nuclear Power Plant (Astravets)
belstat[.]gov[.]by[.]attachment-posts[.]cc | belstat[.]gov[.]by | National Statistical Committee of Belarus
minsk[.]gov[.]by[.]attachment-posts[.]cc | minsk[.]gov[.]by | Official Website of the Government of Minsk (Belarus)
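The table shows the pattern behind the campaign's phishing infrastructure: the attacker registers a throwaway domain (openingfile[.]net, mypolicy[.]top, attachment-posts[.]cc) and prepends the full name of the impersonated organisation as subdomain labels, or registers a lookalike of the brand under a different suffix (akipress[.]news, maileecommission[.]inro[.]link). That pattern is something a defender can hunt for in DNS or proxy logs. The script below is an added example written for this page; it is not code from the original post or from the researchers who reported the campaign. It takes a watch list of legitimate domains (the table's second column) and flags observed hostnames that embed those domains without being genuine subdomains of them. The observed hostnames are a constructed sample mixing the table's indicators with benign names, and the MIN_BRAND_LEN threshold and the hyphen-suffix rule are heuristic assumptions that should be tuned against real traffic.

```python
"""Flag hostnames that impersonate a watched legitimate domain.

Added example (not tooling from the original post). Two heuristics:
  * embedded-domain: the legitimate domain's labels appear, in order, inside
    the hostname, but the hostname is NOT a real subdomain of it
    (mail.mfa.gov.kg.openingfile.net vs mfa.gov.kg). A label may also carry a
    hyphen suffix (az-link is treated as an imitation of az).
  * brand-lookalike: the legitimate domain's first label is distinctive
    enough (MIN_BRAND_LEN) and appears inside one of the hostname's labels
    under a different registration (maileecommission.inro.link).
"""
from __future__ import annotations

MIN_BRAND_LEN = 6  # assumption: labels shorter than this ("mfa", "mail") are too generic

# Legitimate domains from the table above, kept defanged as on the page.
WATCHED_DOMAINS = [
    "mfa[.]gov[.]kg", "akipress[.]com", "commission[.]europa[.]eu",
    "mfa[.]gov[.]tr", "industry[.]tj", "mail[.]mfa[.]az",
    "belaes[.]by", "belstat[.]gov[.]by", "minsk[.]gov[.]by",
]

# Constructed sample of "observed" hostnames: the table's indicators plus benign names.
OBSERVED_HOSTNAMES = [
    "mail[.]mfa[.]gov[.]kg[.]openingfile[.]net", "akipress[.]news",
    "maileecommission[.]inro[.]link", "sts[.]mfa[.]gov[.]tr[.]mypolicy[.]top",
    "industry[.]tj[.]mypolicy[.]top", "mail[.]mfa[.]az-link[.]email",
    "belaes[.]by[.]authentication[.]becloud[.]cc",
    "belstat[.]gov[.]by[.]attachment-posts[.]cc",
    "minsk[.]gov[.]by[.]attachment-posts[.]cc",
    "www.mfa.gov.kg",      # genuine subdomain, must not be flagged
    "akipress.com",        # the legitimate domain itself
    "mail.google.com",     # unrelated benign host
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as mfa[.]gov[.]kg back into a hostname."""
    return indicator.replace("[.]", ".").strip().lower().rstrip(".")


def _labels(hostname: str) -> list[str]:
    return hostname.split(".")


def _label_matches(host_label: str, legit_label: str) -> bool:
    # Exact label, or the legitimate label extended with a hyphen ("az-link" ~ "az").
    return host_label == legit_label or host_label.startswith(legit_label + "-")


def _contains_label_sequence(host_labels: list[str], legit_labels: list[str]) -> bool:
    n = len(legit_labels)
    for start in range(len(host_labels) - n + 1):
        window = host_labels[start:start + n]
        if all(_label_matches(h, l) for h, l in zip(window, legit_labels)):
            return True
    return False


def classify(hostname: str, legitimate_domains: list[str]) -> tuple[str, str] | None:
    """Return (reason, impersonated_domain), or None if the hostname looks benign."""
    host = refang(hostname)
    host_labels = _labels(host)
    for legit in (refang(d) for d in legitimate_domains):
        # The domain itself or a genuine subdomain of it is not an impersonation.
        if host == legit or host.endswith("." + legit):
            return None
        if _contains_label_sequence(host_labels, _labels(legit)):
            return ("embedded-domain", legit)
        brand = _labels(legit)[0]
        if len(brand) >= MIN_BRAND_LEN and any(brand in lbl for lbl in host_labels):
            return ("brand-lookalike", legit)
    return None


def scan(hostnames: list[str], legitimate_domains: list[str]) -> list[tuple[str, str, str]]:
    """Run classify() over a batch and return (hostname, reason, impersonated_domain) hits."""
    hits = []
    for name in hostnames:
        verdict = classify(name, legitimate_domains)
        if verdict is not None:
            hits.append((refang(name), verdict[0], verdict[1]))
    return hits


if __name__ == "__main__":
    for host, reason, legit in scan(OBSERVED_HOSTNAMES, WATCHED_DOMAINS):
        print(f"{reason:16} {host:48} impersonates {legit}")
```

Run against the constructed sample, all nine indicators from the table are reported (seven as embedded-domain, akipress[.]news and maileecommission[.]inro[.]link as brand-lookalike) while the three benign names pass. In production the watch list would be the organisation's own domains and its partners', and the hostname feed would come from passive DNS, proxy or mail-gateway logs; the first-label heuristic will produce false positives for generic brands, which is why MIN_BRAND_LEN exists and why every hit should still be triaged rather than auto-blocked.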
