Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Lazarus Group’s infrastructure reuse leads to discovery of new malware
August 24, 2023
In the new Lazarus Group campaign we recently disclosed, the North Korean state-sponsored actor continues to use much of the same infrastructure despite those components being well-documented by security researchers over the years. Their continued use of the same tactics, techniques and procedures (TTPs) — many of which are publicly known — highlights the group’s confidence ...
- CISA Releases Six Industrial Control Systems Advisories
August 24, 2023
CISA released six Industrial Control Systems (ICS) advisories on August 24, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-236-01 KNX Protocol ICSA-23-236-02 Opto 22 SNAP PAC S1 Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Adds Two Known Exploited Vulnerabilities to Catalog
- AI and the Five Phases of the Threat Intelligence Lifecycle
August 24, 2023
Artificial intelligence (AI) and large language models (LLMs) can help threat intelligence teams to detect and understand novel threats at scale, reduce burnout-inducing toil, and grow their existing talent by democratizing access to subject matter expertise. However, broad access to foundational Open Source Intelligence (OSINT) data and AI/ML technologies has quickly led to an overwhelming amount ...
- Danish cloud host says customers ‘lost all data’ after ransomware attack
August 23, 2023
Cloud host CloudNordic says most of its customers have “lost all data with us” following a ransomware attack on its data center systems, including its backups. The Denmark-based cloud company said the ransomware attack began Friday, during which cybercriminals “shut down all systems,” including its website and email, and encrypted customer systems and websites. Read more… Source: TechCrunch
- DarkGate reloaded via malvertising and SEO poisoning campaigns
August 23, 2023
In July 2023, Malwarebytes researchers observed a malvertising campaign that lured potential victims to a fraudulent site for a Windows IT management tool. Unlike previous similar attacks, the final payload was packaged differently and not immediately recognizable. The decoy file came as an MSI installer containing an AutoIT script where the payload was obfuscated to avoid ...
- Australia ranked among the most targeted countries for ransomware attacks
August 23, 2023
Cybersecurity experts warn Australian businesses are under threat as the nation remains one of the most targeted for ransomware attacks. Threat analysis company Flashpoint ranked Australia eight following 11 ransomware attacks in July, behind the USA and the UK. Read more… Source: News.com.au

