HOMETHREATSYoroTrooper
APT / THREAT GROUP

YoroTrooper

🇰🇿KZ-attributed
1
campaigns
8
aliases
Last seen:Mar 17, 2026

Intelligence Profile

YoroTrooper’s main targets are government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth of Independent States, based on Cisco Talos analysis. YoroTrooper was also observed compromising accounts from at least two international organizations: a critical European Union health care agency and the World Intellectual Property Organization. Successful compromises also included Embassies of European countries including Azerbaijan and Turkmenistan.

Threat Analysis

YoroTrooper is a known-sophistication threat actor attributed to KZ, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

YoroTrooper — Active Operations March 2026

YoroTrooper is a unknown-motivation threat actor attributed to KZ. YoroTrooper’s main targets are government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth of Independent States, based on Cisco Talos analysis. YoroTrooper was also observed compromising accounts from at least two international organizations: ...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Origin🇰🇿 KZ
Aliases8
SourceMalpedia

Also Known As

Salted EarthSturgeon FisherCavalry WerewolfComrade SaigaSilent LynxShadowSilkSturgeonPhisherYoroTrooper

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.