A relatively new threat actor known as YoroTrooper is likely made of operators originating from Kazakhstan.
The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani entities, barring the government’s Anti-Corruption Agency.
“YoroTrooper attempts to obfuscate the