ToddyCat: your hidden email assistant. Part 2


Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Read more…
Source: Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Cyberthreats in the transportation industry

    April 2, 2024

    Transportation is a key economic sector. It spans a multitude of diverse companies engaged in logistics, urban transit, land and air cargo and passenger conveyance, and other activities. The transportation system performs critical functions that support nationwide objectives by connecting different areas of a country and sectors of the economy. Carriers also do business with large ...

  • Prudential Financial February incident exposed data of nearly 37K customers

    April 2, 2024

    Prudential Financial disclosed that 36,545 individuals had personal information stolen in an early February breach that was claimed by ALPHV/BlackCat, the group also responsible for the Change Healthcare ransomware attack. In a letter to consumers March 29, the large insurance company said the stolen personal data includes names, addresses, driver’s license numbers, and non-driver identification card ...

  • Top yacht retailer MarineMax says cyberattack led to major online data breach

    April 2, 2024

    MarineMax has confirmed suffering a cyberattack, thought to be ransomware, in which threat actors stole sensitive customer information. In an 8-K form, filed with the Securities and Exchange Commission (SEC) on April 1, the company, one of the leading yacht sellers worldwide, said a third party “gained unauthorized access to portions of our information environment.” Read more… Source: ...

  • Scottish law firm Scullion Law suffers cyber attack

    March 31, 2024

    Scullion Law, which has offices on George Street Edinburgh, as well as in Glasgow, Hamilton and Madrid, had 155GB of data stolen in the attack by Black Basta. A spokesperson for the award-winning firm said: “We can confirm that we were recently the victim of a cyberattack. “We promptly notified the ICO and The Law Society ...

  • OpenAI’s new ‘Voice Engine’ clones your voice in only 15 seconds

    March 30, 2024

    As artificial intelligence (AI) continues to advance rapidly, ChatGPT maker OpenAI is at the forefront of this progress. The research lab has unveiled a powerful new voice cloning technology called Voice Engine. With just a 15-second audio sample, it can generate a synthetic copy of a person’s voice described as “natural-sounding” and “emotive.” While the company ...

  • Backdoor found in widely used Linux utility targets encrypted SSH connections

    March 29, 2024

    Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian. The compression utility, known as xz Utils, introduced the malicious code in versions ​​5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it. There are no known reports ...