Subj : A cyberspy outfit is attacking high-level targets in the EU
To   : All
From : TechnologyDaily
Date : Wed Mar 15 2023 16:15:03

A cyberspy outfit is attacking high-level targets in the EU
Date: Wed, 15 Mar 2023 15:56:09 +0000
Description: Embassies, healthcare agencies and other critical orgs have been compromised.

FULL STORY
======================================================================

Threat actor YoroTrooper has compromised the accounts of critical EU healthcare agencies, a number of embassies, and the World Intellectual Property Organization (WIPO).

A report from Cisco Talos (via BleepingComputer) has revealed that vast quantities of data, such as credentials, cookies, and browser histories, have been stolen from a number of infected endpoints. These include endpoints belonging to government agencies and energy companies in countries that are part of Eurasia's Commonwealth of Independent States (CIS).

YoroTrooper's unique threat activity

Though BleepingComputer notes that YoroTrooper has previously been known to disseminate known malware such as PoetRAT and LodaRAT, Cisco believes it has moved to designing its own Remote Access Trojans (RATs), written in Python, to get the job done.

In summer 2022, Belarusian organizations were hit by infected PDF files sent from email domains purporting to belong to organizations in Belarus or Russia. In September of that year, YoroTrooper registered typosquatting domains chosen to look as similar as possible to those of Russian government agencies.

This strategy is rooted in YoroTrooper's phishing emails needing to look as legitimate as possible, particularly as its latest ruse involves attaching infected RAR and ZIP archives to gain access to national security information across the region.

In 2023, the threat group has moved fast. In January it began deploying an infostealer script that extracts credentials from Chromium-based browsers, and by February it had already moved to a new modular tool called Stink. In addition to harvesting Chromium browser data and basic system information, the new tool also steals data from the FTP client FileZilla and the messaging apps Discord and Telegram.

YoroTrooper's motives, means, and backers are currently unknown, but the move to custom tooling could turn out to be a worrying development for the corporate world.

======================================================================
Link to news story: https://www.techradar.com/news/a-cyberspy-outfit-is-attacking-high-level-targets-in-the-eu

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)