ToddyCat: your hidden email assistant. Part 2


Kaspersky continues to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods that Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Source: Kaspersky

