ToddyCat: your hidden email assistant. Part 2


Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Read more…
Source: Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Bouygues Telecom data breach could affect millions of customers

    August 8, 2025

    French telco giatn Bouygues Telecom has confirmed suffering a cyberattack in which it lost sensitive customer data. In a short announcement published on its website, the company said it detected the attack on August 4, and following an investigation, determined threat actors stole people’s contact details, contract data, civil status data (or company details), and IBAN ...

  • Google says UNC6040 hackers stole some of its data following Salesforce breach

    August 7, 2025

    Cybercriminals known as ShinyHunters (UNC6040) recently broke into Google and stole business customer information from one of its corporate Salesforce instances, the company has confirmed. In a blog post breaking down ShinyHunters’ modus operandi, the company somewhat played down the importance of the incident, noting the miscreants didn’t really grab anything sensitive, or of particular value. Read ...

  • An Earth-Shattering Kaboom: Bringing a Physical ICS Penetration Testing Environment to Life

    August 6, 2025

    Whether it’s in the water we drink, the medicines we take, or the electricity we use to read blog posts on the internet, Industrial Control Systems (ICS) are part of our daily lives. There’s so much that relies on these systems, you’d like to assume they’re engineered and tested to guard against cyberattacks. You’d be wrong. ...

  • Taiwan arrests 6 in probe of TSMC chip technology leak

    August 6, 2025

    Taiwan prosecutors arrested six people suspected of stealing trade secrets from Taiwan Semiconductor Manufacturing Co (TSMC), opening an investigation into a potential breach of national security involving a global tech industry linchpin. The chipmaker to Nvidia reported a number of former and current staff to authorities on suspicion they illegally obtained core technology. A total of ...

  • Hacker used a voice phishing attack to steal Cisco customers’ personal information

    August 5, 2025

    A cybercriminal tricked a Cisco representative into granting them access to steal the personal information of Cisco.com users, the company said on Tuesday. Cisco said it discovered the breach on July 24, blaming the incident on a voice phishing or “vishing” call. The hackers accessed and exported “a subset of basic profile information” from the database ...

  • Dangerous new Linux malware strikes – thousands of users see passwords, personal info stolen

    August 5, 2025

    A brand new Linux malware has been found infecting thousands of computers around the world, stealing people’s login credentials, payment information, and browser cookies, security researchers are warning. SentinelLabs and Beazley Security issued a joint report detailing the activities of PXA Stealer, a new Python-based infostealer for the Linux platform. It was first spotted in late ...