ToddyCat is an advanced APT actor that Kaspersky researchers described in a previous publication last year. The group started its activities in December 2020 and has been responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Kaspersky's first publication focused on the group's main tools, Ninja Trojan and Samurai Backdoor, and also described the set of loaders used to launch them.
During the last year, Kaspersky researchers discovered a new set of loaders developed from scratch and collected additional information about the group's post-exploitation activities. These findings allowed the researchers to expand their knowledge of this group and obtain new information about the attacker’s TTPs (tactics, techniques and procedures).