Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Security firm Check Point confirms data breach, but says users have nothing to worry about
April 1, 2025
A hacker is claiming to have stolen a “highly sensitive” dataset from Check Point – but the company is looking to play down any concerns users might have. The cybercriminal, going by the name of CoreInjection, posted about the dataset of compromised Check Point files on a cybercrime forum – and alleges that the information contains ...
- Someone is trying to recruit security researchers in bizarre hacking campaign
April 1, 2025
Are you willing to hack and take control of Chinese websites for a random person for up to $100,000 a month? Someone is making precisely that tantalizing, bizarre, and clearly sketchy job offer. The person is using what looks like a series of fake accounts with avatars displaying photos of attractive women and sliding into the ...
- UK: Man charged after cyber attack saw terror messages displayed at train stations
April 1, 2025
A man has been charged after a cyber attack saw terror messages displayed across screens at Scotland’s busiest train stations. British Transport Police received multiple reports of a cyber security incident affecting Network Rail Wi-Fi services, provided by a third party, that displayed imagery “intended to incite religious hatred” on September 25, 2024. Network Rail said ...
- GCHQ worker admits taking top secret data home
March 31, 2025
A former GCHQ intern has admitted risking national security by taking top secret data home with him on his mobile phone. Hasaan Arshad, 25, pleaded guilty to an offence under the Computer Misuse Act on what would have been the first day of his trial at the Old Bailey in London. The charge related to committing ...
- The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques
March 31, 2025
The Earth Alux APT group’s schemes and tactics have been uncloaked through our relentless monitoring and investigation efforts. The China-linked intrusion set is actively launching cyberespionage attacks against the government, technology, logistics, manufacturing, telecommunications, IT services, and retail sectors. The first sighting of its activity was in the second quarter of 2023; back then, it was ...
- Oracle grapples with dual data breaches
March 31, 2025
Oracle is dealing with the fallout of a double data breach — one exposing patient data at US hospitals, and another raising concerns about its cloud security. Reports over the weekend suggest a breach at Oracle Health, formerly known as Cerner, has impacted multiple US healthcare organisations and hospitals. Threat actors are believed to have stolen ...

