Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Fake Canva home page leads to browser lock
August 29, 2024
In a previous blog post, Malwarebytes researchers showed how fraudsters were leveraging features from the very company (Microsoft) they were impersonating. Malwarebytes Labs continue this series with another clever trick abusing Canva, a popular online tool for graphic design. This time, the scammers registered an account on Canva to create a new design that, is in ...
- Preparing for Unknown Risks: How to Better Prepare for Risks You Can’t See Yet
August 29, 2024
As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it’s impossible to always know what’s around the corner. It’s not just about external threats and the big breaches splashed across the news headlines. On one hand, we’re combating threat actors attempting to steal information, money or simply trying to cause havoc. ...
- State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
August 29, 2024
Google’s Threat Analysis Group (TAG) observed multiple in-the-wild exploit campaigns, between November 2023 and July 2024, delivered from a watering hole attack on Mongolian government websites. The campaigns first delivered an iOS WebKit exploit affecting iOS versions older than 16.6.1 and then later, a Chrome exploit chain against Android users running versions from m121 to m123. ...
- Spain’s Alcampo Acts Quickly To Mitigate Impact Of Cyber Attack
August 29, 2024
Spanish retailer Alcampo has reportedly suffered a cyber attack, however the group told local media that it acted quickly to mitigate its effects. The retailer experienced the cyber attack between Sunday 25 August and Monday 26 August, according to media reports, and upon discovery of the incident, engaged data protection experts to implement the necessary technical, ...
- Deep Analysis of Snake Keylogger’s New Variant
August 28, 2024
Fortinet’s FortiGuard Labs recently caught a phishing campaign in the wild with a malicious Excel document attached to the phishing email. Fortinet researchers performed a deep analysis on the campaign and discovered that it delivers a new variant of Snake Keylogger. Snake Keylogger (aka “404 Keylogger” or “KrakenKeylogger”) is a subscription-based keylogger with many capabilities. It ...
- Fortra Releases Security Advisories for FileCatalyst Workflow
August 28, 2024
Fortra has released security advisories addressing a critical vulnerability and a high severity vulnerability found in FileCatalyst Workflow. FileCatalyst is an accelerated file transfer software solution that allows the transfer of large files over remote networks. CVE-2024-6632 is an SQL injection vulnerability with a CVSSv3 score of 7.2 (high), which if exploited could allow an unauthenticated ...

