Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hackers crawled Canadian streets with SMS blasters causing 13 million network disruptions
May 1, 2026
Authorities in Canada have disclosed details of a mobile cyber operation that relied on SMS blasters mounted inside vehicles moving through urban areas. Three suspects drove around downtown Toronto with these hidden devices running in their cars, impersonating cell towers. The Toronto Police Service confirmed that this marked the first operation of its kind ever recorded ...
- Pro-Iran crew turns DDoS into shakedown as Ubuntu com stays down
May 1, 2026
Canonical says its web infrastructure is under attack after a pro-Iran hacktivist group instructed its members to target the open source giant. “I can confirm that Canonical’s web infrastructure is under a sustained, cross-border Distributed Denial of Service (DDoS) attack” a Canonical spokesperson told The Register. “Our teams are working to restore full availability to all ...
- FBI: Hackers making millions from stolen cargo – losses ‘surged’ to nearly $725 million in 2025
May 1, 2026
The FBI has warned cybercriminals are increasingly targeting cargo shipments with hacking and impersonation tactics – and making a hefty profit doing so. With incidents rising 18% in 2025 and the average value per theft up around 36% (to $273,990) due to criminals targeting high-value goods, losses in the US and Canada alone hit around $725 ...
- ASD: Careful Adoption of Agentic AI Services
May 1, 2026
Agentic artificial intelligence (AI) systems increasingly operate across critical infrastructure and defence sectors and support mission-critical capabilities. As agentic AI systems play a growing operational role, it is crucial for defenders to implement security controls to protect national security and critical infrastructure from agentic AI-specific risks. Agentic AI can automate repetitive, well-defined and low-risk tasks. However, ...
- French prosecutors link 15-year-old to mega-breach at state’s secure document agency
April 30, 2026
French prosecutors say police detained a 15-year-old on April 25 over the alleged theft of millions of records from France Titres (ANTS), the agency handling secure documents. The Paris Prosecutor’s Office announced on Thursday that the minor, suspected of using the online alias “breach3d” and not named because French law protects minors, faces two computer crime ...
- Silver Fox uses new ABCDoor backdoor to target organisations in Russia and India
April 30, 2026
In December 2025, Kaspersky researchers detected a wave of malicious emails designed to look like official correspondence from the Indian tax service. A few weeks later, in January 2026, a similar campaign began targeting Russian organizations. Kaspersky have attributed this activity to the Silver Fox threat group. Both waves followed a nearly identical structure: phishing emails ...