Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- UNODC: Organized crime dynamics in the context of war in Ukraine
August 18, 2025
This report aims to address the following overarching questions: how has the ongoing war against Ukraine affected organized crime and illicit markets in Ukraine, and what are the possible implications for the country, the region and the international community? These questions are addressed through research into the following six areas: Organized crime structures and their evolution Drug supply ...
- Telco giant Colt suffers attack, takes systems offline
August 15, 2025
Multinational telco Colt Technology Services says a “cyber incident” is to blame for its customer portal and other services being down for a number of days Per its status page, the issues began on August 12 when a reported incident led to disrupted services for some customers. The London-headquartered company’s customer portal, Colt Online, was the ...
- Canada: House of Commons hit by cyberattack from ‘threat actor’
August 14, 2025
The House of Commons and Canada’s cybersecurity agency are investigating a significant data breach caused by an unknown “threat actor” targeting employee information. According to an internal email obtained by CBC News, the House of Commons alerted staff on Monday that there was an information breach. It said a malicious actor was able to exploit a ...
- Norway spy chief blames Russian hackers for hijacking dam
August 14, 2025
Russian hackers briefly hijacked a dam in Norway in early April and spilled millions of gallons of water before the attack was stopped, Norway’s spy chief revealed Thursday. The hackers opened a floodgate at the Bremanger dam in western Norway to release the equivalent of about three Olympic-sized swimming pools of water during the four hours ...
- Cyber attack on Nigeria Customs Service disrupts clearance operations
August 14, 2025
A cyber attack on the Information Communication Technology (ICT) platform of the Nigeria Customs Service (NCS) has caused significant disruptions to cargo clearance operations at ports across the country. Licensed Customs agents are already counting their losses to demurrage charges on their consignments as a result of the disruption. Confirming the development, NCS spokesman and Assistant ...
- New trends in phishing and scams: How AI and social media are changing the game
August 13, 2025
Phishing and scams are dynamic types of online fraud that primarily target individuals, with cybercriminals constantly adapting their tactics to deceive people. Scammers invent new methods and improve old ones, adjusting them to fit current news, trends, and major world events: anything to lure in their next victim. Since our last publication on phishing tactics, there ...

