Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cyber criminals who hacked into Transport for London’s computer network are convicted
June 22, 2026
Two young men have admitted mounting a cyber attack on Transport for London (TfL), which cost tens of millions of pounds in losses and inconvenienced thousands of customers. The National Crime Agency and City of London Police investigated Thalha Jubair, 20, from East London, and Owen Flowers, 18, from Walsall, West Midlands, after TfL’s network was ...
- Security experts warn of AI-boosted scam campaigns that can trick even the smartest victims
June 21, 2026
Messaging scams are becoming increasingly sophisticated as criminals use AI to imitate trusted people, familiar brands, and everyday conversations. New research from Kaspersky suggests these schemes are succeeding with alarming speed, often convincing victims to hand over money within minutes. The findings indicate that digital experience alone may no longer provide reliable protection against modern fraud attempts. Read more… Source: TechRadar ...
- Shadowbyt3$ claims Nintendo of America breach, stealing ~1GB of employee data from TinyPulse survey platform and demanding $2M ransom
June 20, 2026
Nintendo of America has confirmed suffering a third-party data breach incident, but played down its severity. An “extortion-as-a-service” hacking group called Shadowbyt3$ recently claimed to have breached Nintendo of America, a subsidiary of the Japanese gaming giant, operating in the United States, Canada, and some Latin America countries, and exfiltrated sensitive data on its employees. Read more… Source: ...
- Apple users told to watch out for ‘unpatchable’ iPhone security issues – here’s what we know
June 19, 2026
Security researchers Paradigm Shift have discovered a vulnerability in older iPhone and Apple Watch models which can be used to jailbreak the devices. What makes this vulnerability special is the fact that there is no fix for it – the only way to really be secure is to replace the device with a newer model. The good news is that ...
- Microsoft working on a fix for RoguePlanet, a flaw that grants full PC control
June 18, 2026
A publicly available exploit called RoguePlanet can give attackers the highest level of access on Windows systems. Microsoft has confirmed the vulnerability and says it’s working on a security update. RoguePlanet is tracked under CVE-2026-50656, where it’s described as a Microsoft Defender Elevation of Privilege (EoP) vulnerability. Read more… Source: MalwareBytes Labs Sign up for the Cyber Security Review Newsletter The latest cyber ...
- Kodak confirms breach as ShinyHunters’ leak threat reaches deadline
June 18, 2026
The Eastman Kodak Company (Kodak) confirmed to BleepingComputer that it is investigating a security breach after the ShinyHunters extortion group claimed responsibility for the incident. Kodak is the latest organization to land on the group’s leak site. ShinyHunters claims it stole more than 2.2 million records and threatened to publish the data unless the company responded by June ...