ToddyCat: your hidden email assistant. Part 2


Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Read more…
Source: Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs

    February 3, 2024

    Criminals could remotely tamper with the data that apps used by airplane pilots rely on to inform safe takeoff and landing procedures, according to fresh research. In a scenario that elicits strong memories of that nail-biting flight scene from Die Hard 2, researchers investigating electronic flight bags (EFBs) found the app used by Airbus pilots was ...

  • Philippines: Cyber attack on Overseas Workers Welfare Administration website foiled

    February 3, 2024

    The Department of Information and Communications Technology (DICT) has prevented a cyber attack aimed at taking down the website of the Overseas Workers Welfare Administration (OWWA). At the Saturday News Forum, DICT Undersecretary for Cybersecurity Jeff Ian Dy said the DICT was able to “defend” various web applications related to OWWA from cyber attacks. The DICT ...

  • Europcar’s Alleged Data Breach Wasn’t Done Using AI, Experts Argue

    February 2, 2024

    French car rental company Europcar made headlines earlier this week following reports of an alleged data breach affecting nearly 50 million customers. Cyber security platform HackManac reported the incident on January 30th, noting that the stolen database containing usernames, passwords, full names, addresses, and several other user-identifying information had been listed for sale on a hacking ...

  • Cloudflare blames previous Okta breach for November 2023 cyberattack

    February 2, 2024

    Cloudflare is laying the blame for the cyberattack it suffered late last year the after-effects of the critical Okta breach. The content delivery service provider has published a blog post detailing the cybersecurity incident it suffered on Thanksgiving Day 2023, noting that on November 23, 2023, a threat actor accessed the company’s self-hosted Atlassian server. Read more… Source: ...

  • There Are Too Many Damn Honeypots

    February 2, 2024

    Determining the number of internet-facing hosts affected by a new vulnerability is a key factor in determining if it will become a widespread or emergent threat. Are there a lot of hosts affected? Pretty good possibility things are about to pop off. Only a few hosts? Probably less likely. But actually, counting those hosts has become ...

  • Former CIA employee sentenced to 40 years in prison after carrying out largest data leak in agency’s history

    February 1, 2024

    A former CIA employee was sentenced to 40 years in prison after carrying out the largest data leak in the agency’s history, the US Attorney’s Office of the Southern District of New York announced Thursday. Joshua Schulte – who was accused of handing over reams of classified data to WikiLeaks in 2016 – was convicted in ...