Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- London Hospitals Knew of Cyber Vulnerabilities Years Before Hack
June 14, 2024
A group of London hospitals struggling to contain the fallout from a cyberattack against a critical supplier had known for years about weaknesses that left them vulnerable to hacks, according to documents reviewed by Bloomberg News. The Guy’s and St Thomas’ NHS Foundation Trust, which runs five major hospitals in the London area, has failed to ...
- Europol-coordinated operation tackles the threat of terrorist-operated websites
June 14, 2024
Ten countries joined forces with Europol to disrupt the online propaganda activities of religious and politically motivated terrorist organisations across the ideological spectrum. This joint effort, known as Operation HOPPER II, targeted key assets in the online dissemination of terrorist propaganda, including those of the so-called Islamic State, al-Qaeda and its affiliates, and Hay’at Tahrir al-Sham. ...
- Data of over 20,000 staff, students at Chinese University of Hong Kong stolen after school server hacked
June 14, 2024
The personal data of over 20,000 Chinese University of Hong Kong (CUHK) staff and students has been stolen after a server at one of the institution’s schools was hacked. The server of an online learning system used by CUHK’s School of Continuing and Professional Studies (CUSCS) was hacked on June 3, the school announced in a ...
- Black Basta ransomware group suspected in Ascension data theft incident
June 13, 2024
U.S. healthcare provider Ascension has provided more details of its “cyber security event” last month, admitting that data was stolen, with some reports also suggesting that the Black Basta ransomware gang was behind the attack. One of the largest nonprofit and Catholic health systems in the U.S. and also the second-largest operator of hospitals in the ...
- Bluetooth tracking device company Tile data compromised in data breach
June 13, 2024
Another day, another data breach. Tile has fallen victim to a mammoth data breach, with cybercriminals stealing sensitive consumer data like names, physical addresses, and phone numbers, and even accessing tools that process location requests made by law enforcement. In addition to stealing personal data en masse, hackers have also demanded a ransom from Tile’s parent ...
- DISGOMOJI Malware Used to Target Indian Government
June 13, 2024
In 2024, Volexity identified a cyber-espionage campaign undertaken by a suspected Pakistan-based threat actor that Volexity currently tracks under the alias UTA0137. The malware used in these recent campaigns, which Volexity tracks as DISGOMOJI, is written in Golang and compiled for Linux systems. Volexity assesses with high confidence that UTA0137 has espionage-related objectives and a remit ...

