Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- London Fire Brigade block almost 340,000 cyber attacks
October 8, 2024
The London Fire Brigade, the fire and rescue service for the UK’s capital, has been targeted by nearly 340,000 cyber-attacks over the past year. The data was collected under the Freedom of Information Act (FOI), and analysed by the Parliament Street think tank, observing the number of blocked email attacks by the department. In total, the ...
- Wreaking havoc in cyberspace: threat actors experiment with pentest tools
October 8, 2024
In recent months, adversaries have increasingly opted for the Havoc post‑exploitation framework. The tool is less popular compared to Cobalt Strike, Metasploit, and Sliver. According to BI.ZONE Threat Intelligence, this C2 framework is employed in an attempt to evade cybersecurity systems that may not flag an unknown program as malicious. For instance, such was the approach of ...
- Awaken Likho is awake: new techniques of an APT group
October 7, 2024
In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, Kaspersky began tracking it, and published three reports in August and September 2024 through their threat research subscription on the threat actor they named Awaken Likho (also named by other vendors as Core Werewolf). While investigating ...
- iPhone flaw could read your saved passwords out loud – update now
October 7, 2024
Apple has issued security updates for iOS 18.0.1 and iPadOS 18.0.1 which includes a fix for a bug that could allow a user’s saved passwords to be read aloud by its VoiceOver feature. VoiceOver allows users to use their iPhone or iPad even if they can’t see the screen. It gives audible descriptions of what’s on ...
- UK’s Sellafield nuclear waste processing plant fined £333K for infosec blunders
October 4, 2024
The outfit that runs Britain’s Sellafield nuclear waste processing and decommissioning site has been fined £332,500 ($440,000) by the nation’s Office for Nuclear Regulation (ONR) for its shoddy cybersecurity practices between 2019 and 2023. Sellafield, located in Cumbria, England, manages more radioactive waste than any other nuclear site in the world, and decommissioning work happening at ...
- Zimbabwe faces alarming rise in cyber attacks amid bank hacking
October 3, 2024
Zimbabwe has witnessed a significant surge in cyber attacks in recent months, with local entities, including banks, falling victim to hacking, the country’s Minister of Information Communication Technology, Tatenda Mavetera has revealed. Mavetera said the threat is also a local phenomenon, citing recent bank hacks in the country. Mavetera stated that cybercrime is not just a ...

