ToddyCat: your hidden email assistant. Part 2


Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Read more…
Source: Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks

    December 5, 2024

    Trend Micro researchers have been continuously monitoring the MOONSHINE exploit kit’s activity since 2019. During our research, they discovered a MOONSHINE exploit kit server with improper operational security: Its server exposed MOONSHINE’s toolkits and operation logs, which revealed the information of possible victims and the attack tactics of a threat actor we have named Earth ...

  • Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware

    December 4, 2024

    Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social engineering campaign back in May, 2024, followed by an update in August 2024, when the operators updated their tactics and malware payloads ...

  • Ireland: Woman, 20s, arrested over potential data breach at utility service provider

    December 4, 2024

    A woman has been arrested over a potential data breach at a national utility service provider last year. The woman, aged in her 20s, was arrested yesterday and is detained at a garda station in Dublin. The potential breach was identified by members of the Garda National Cyber Crime Bureau in 2023. It was referred to ...

  • UK: Ransomware hackers target NHS hospitals with new cyberattacks

    December 4, 2024

    Ransomware hackers have continued an assault on National Health Service trusts across the United Kingdom by compromising multiple hospitals, exposing sensitive patient data and disrupting emergency services. Inc Ransom, a prolific Russia-linked ransomware group that claimed responsibility for an attack on NHS Scotland earlier this year, now claims to have breached the Alder Hey Children’s Hospital ...

  • Foreign espionage agencies exploit crowdsourcing for covert intelligence gathering in China

    December 4, 2024

    China’s Ministry of State Security revealed on Wednesday that foreign intelligence agencies are using crowdsourcing to gather sensitive data in China, posing a covert but serious threat to national security. This covert method, dubbed “crowdsourced espionage,” poses an escalating threat. Foreign intelligence agencies break down intelligence-gathering missions into smaller, discrete tasks and distribute them via legitimate ...

  • AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

    December 3, 2024

    Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information. AI startup WotNot provides companies with the ability to create their own customized chatbot. The company reportedly has 3,000 customers including some household family names. But the way its solution is set up ...