ToddyCat: your hidden email assistant. Part 2


Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Read more…
Source: Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • FortiGuard Labs Discovers Multiple Vulnerabilities in Microsoft Message Queuing Service

    July 24, 2023

    Over the last few months, FortiGuard Labs has discovered and reported multiple vulnerabilities found in the Microsoft Message Queuing (MSMQ) service. Microsoft patched these vulnerabilities in the April and July 2023 security updates. These patches are rated as critical/important, and as always, we urge users to install them as soon as possible. Read more… Source: Fortinet Labs  

  • Spyhide stalkerware is spying on tens of thousands of phones

    July 24, 2023

    A phone surveillance app called Spyhide is stealthily collecting private phone data from tens of thousands of Android devices around the world, new data shows. Spyhide is a widely used stalkerware (or spouseware) app that is planted on a victim’s phone, often by someone with knowledge of their passcode. The app is designed to stay hidden ...

  • North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack

    July 24, 2023

    In July 2023, Mandiant Consulting responded to a supply chain compromise affecting a US-based software solutions entity. Mandiant researchers believe the compromise ultimately began as a result of a sophisticated spear phishing campaign aimed at JumpCloud, a zero-trust directory platform service used for identity and access management. JumpCloud reported this unauthorized access impacted fewer than five ...

  • What is the status of US, Israel cyberwars?

    July 22, 2023

    On June 19, 2022, false rocket-warning sirens were activated in Jerusalem and Eilat, caused by a stunning cyber attack by Iran. Israel’s cyber authorities at the time tried to downplay the hack, which seemed to have significant national security implications. However, in a recent interview with The Jerusalem Post, Israel National Cyber Directorate Chief Gaby Portnoy ...

  • US Army Hopes AI Will Give Soldiers An Information Advantage

    July 21, 2023

    The Army in recent years has introduced the concept of “information advantage,” in which soldiers have the ability to make decisions and act faster than their adversaries. The service now believes artificial intelligence is the key to making the strategy a reality. Both in industry and the Defense Department, many are exploring the possibility of utilizing ...

  • First known open-source software attacks on banking sector could kickstart long-running trend

    July 21, 2023

    Application security provider Checkmarx has detailed its findings on the first known open-source software (OSS) attacks targeting the banking sector. During the first half of 2023, the firm said its supply chain research team detected several OSS attacks that showcased advanced techniques designed to exploit legitimate services – such as attaching malicious functionalities to specific components ...