ToddyCat: your hidden email assistant. Part 2


Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Read more…
Source: Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Emergency update: Apple patches three zero-days

    September 22, 2023

    Apple has released security updates for several products to address a handful of zero-day vulnerabilities that may already have been used by criminals. Updates are available for: iOS 16.7 and iPadOS 16.7 iOS 17.0.1 and iPadOS 17.0.1 watchOS 9.6.3 watchOS 10.0.1 macOS Ventura 13.6 macOS Monterey 12.7 Safari 16.6.1 The updates may already have reached you in your regular update routines, but it ...

  • Air Canada releases statement after brief cyber attack

    September 22, 2023

    Air Canada appears to have been the victim of a cyber attack after the company released a statement regarding the incident on September 21st. According to the statement, an authorized group gained what the company describes as “limited” access to an internal Air Canada system. The system was related to the personal information of both staff ...

  • Overview of IoT threats in 2023

    September 21, 2023

    IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. Statista portal predicts their number will exceed 29 billion by 2030. As connected device numbers increase, so does the need for protection against various threats. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only ...

  • CISA Releases Six Industrial Control Systems Advisories

    September 21, 2023

    CISA released six Industrial Control Systems (ICS) advisories on September 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-264-01 Real Time Automation 460 Series ICSA-23-264-02 Siemens Spectrum Power 7 ICSA-23-264-03 Delta Electronics DIAScreen Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related: ISC Releases Security Advisories for BIND 9   

  • Estonia: Cyber attack brought Elron ticketing system down Wednesday

    September 21, 2023

    Ticket sales for national rail carrier Elron’s trains were disrupted Wednesday afternoon, after a cyber attack. Elron spokesperson Kristo Mäe said at the time that: “Until the situation is resolved and it remains, for technical reasons, impossible to purchase a ticket while on the train, passengers can travel for free,” adding that passengers with cash on ...

  • DoppelPaymer ransomware group suspects identified

    September 20, 2023

    The German police in cooperation with the US Secret Service have executed search warrants against suspected members of the DoppelPaymer ransomware group in Germany and Ukraine. In March of 2023 the German Regional Police and the Ukrainian National Police, with support from Europol, the Dutch Police, and the United States Federal Bureau of Investigations (FBI), apprehended ...