Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 23andMe blames “negligent” breach victims, says it’s their own fault
January 4, 2024
In a surprising move, in a letter to legal representatives of victims of the recent 23andMe data breach, the company has laid the blame at the feet of victims themselves. 23andMe even goes as far as to claim that this wasn’t a data breach at 23andMe at all. The reasoning: “… unauthorized actors managed to access ...
- Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices
January 3, 2024
On December 5th, 2023, FortiGuard’s AI-driven OSS malware detection system identified three intriguing PyPI (Python Package Index) packages. These packages, upon initial use, deploy a CoinMiner executable on Linux devices. Leveraging our historical malware database, Fortinet researchers noted that the indicators of compromise (IoCs) for these packages bear a resemblance to the “culturestreak” PyPI package discovered ...
- Orange suffers cyber attack affecting clients’ internet access in Spain
January 3, 2024
The Spanish unit of telecoms provider Orange on Wednesday suffered a cyber attack that affected an undisclosed number of clients who could not access certain websites, a company spokesperson said. The unauthorized access to Orange’s IP network coordination centre has been mostly solved and was neutralized by Orange, the second largest telecoms provider in Spain, the ...
- ‘Lazy’ broadband engineers blamed for exposing hospitals and banks to cyber attacks
January 2, 2024
Hospitals and banks are more exposed to cyber attacks because “lazy” broadband engineers are failing to fill in crucial forms, it has been alleged. Industry sources warned of a “Wild West” among contractors who are not handing over information about when and where they are working on BT’s network. Read more… Source: MSN News
- Cyber-hackers target UK nuclear waste company RWM
December 31, 2023
Hackers have targeted the company behind a £50bn project to build a vast underground nuclear waste store in Britain, its developer has said. Radioactive Waste Management, the company behind the Geological Disposal Facility (GDF) project, has said that hackers unsuccessfully attempted to breach the business using LinkedIn. RWM is the government-owned entity behind a trio of ...
- Mint Mobile reveals another major data breach
December 29, 2023
American mobile virtual network operator (MVNO) Mint Mobile has confirmed suffering a data breach affecting an unknown number of its customers. The company revealed the news in an email sent to its customers, in which it explained “We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained ...

