The Cisco Talos cybersecurity team has identified a previously unknown threat actor conducting espionage campaigns against Commonwealth of Independent States entities such as Azerbaijan, Tajikistan, and Kyrgyzstan. The threat actor has been dubbed YoroTrooper by security researchers and has also been observed compromising accounts from at least two international organizations, including a critical European Union health care agency and the World Intellectual Property Organization.

Researchers at Cisco Talos released a blog post regarding the threat actor, stating that information stolen during the course of its attacks included credentials, browser histories and cookies, system information, and screenshots. Therefore, it appears as though the group’s main motivations could be intellectual gain and information access. YoroTrooper uses a Python-based, custom built information stealer in addition to commodity malware tools to conduct its attacks.

Read More: YoroTrooper Espionage Campaigns Target CIS, EU Countries