A Kazakhstan attack group is disguising itself as an Azerbaijani attack group and has a penchant for sending phishing messages. YoroTrooper was discovered in June of 2022 and frequently targets former Soviet republics. The targets include Russia, Armenia, Belarus, Moldova and Azerbaijan. The group also typically target government entities.
Researchers have determined that based of of its language preferences, use of Kazakhstani currency and limited targeting of Kazakhstani entities, the group is from Kazakhstan. Researchers also determined the group made numerous efforts to disguise its origin by hosting their infrastructure in Azerbaijan, while still targeting institutions within Azerbaijan. The group speaks both Kazakh and Russian, something that has help researchers determine their origin.
Read More: Kazakh Attackers, Disguised as Azerbaijanis, Hit Former Soviet States