ToddyCat: your hidden email assistant. Part 2


Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Read more…
Source: Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • 240,000 Credit Union Members Exposed

    December 20, 2024

    A recent data breach at SRP Federal Credit Union, based in South Carolina, has left over 240,000 members vulnerable to potential identity theft and financial fraud. Between Sept. 5 and Nov. 4, 2024, hackers accessed sensitive personal data, including Social Security numbers, driver’s license information, dates of birth and financial account details. The ransomware group Nitrogen ...

  • BellaCPP: Discovering a new BellaCiao variant written in C++

    December 20, 2024

    BellaCiao is a .NET-based malware family that adds a unique twist to an intrusion, combining the stealthy persistence of a webshell with the power to establish covert tunnels. It surfaced for the first time in late April 2023 and has since been publicly attributed to the APT actor Charming Kitten. One important aspect of the BellaCiao samples ...

  • Ukraine Hit By Massive Cyber Attack

    December 20, 2024

    Ukraine government databases, described as critically important infrastructure, have been hit by a cyber attack that’s being blamed on Russia. Deputy prime minister Olha Stefanishyna said it was the largest external cyber attack on the state registers of Ukraine in recent times. “As a result of a targeted attack, the work of the Unified and State Registers, ...

  • Ransomware attack on health giant Ascension hits 5.6 million patients

    December 20, 2024

    A May ransomware attack on Ascension, a U.S. healthcare giant with more than 140 hospitals and dozens of senior living facilities, allowed hackers to steal personal and sensitive health information on 5.6 million patients, according to a new filing with Maine’s attorney general. The cyberattack caused widespread disruption across its hospital system, with some staff describing ...

  • Thousands of GPS tracking customers have info leaked following data breach

    December 19, 2024

    Hapn, a company that sells GPS tracking hardware and software, is reportedly spilling sensitive user information online, and is not responding to researcher alerts or media inquiries, experts have claimed. In late November 2024, a security researcher reached out to TechCrunch, saying they observed a bug in Hapn’s website, which allows malicious actors to view the ...

  • Attackers exploiting a patched FortiClient EMS vulnerability in the wild

    December 19, 2024

    During a recent incident response, Kaspersky’s GERT team identified a set of TTPs and indicators linked to an attacker that infiltrated a company’s networks by targeting a Fortinet vulnerability for which a patch was already available. This vulnerability is an improper filtering of SQL command input making the system susceptible to an SQL injection. It specifically ...