Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Not quite an Easter egg: a new family of Trojan subscribers on Google Play
May 4, 2023
Every once in a while, someone will come across malicious apps on Google Play that seem harmless at first. Some of the trickiest of these are subscription Trojans, which often go unnoticed until the user finds they have been charged for services they never intended to buy. This kind of malware often finds its way ...
- China issues report on U.S. CIA’s cyberattacks on other countries
May 4, 2023
China on Thursday released an investigation report revealing an “empire of hackers” of the Central Intelligence Agency (CIA) of the United States, one of the major intelligence agencies of the country’s federal government. Over a long period, the CIA has been secretly orchestrating “peaceful evolution” and “color revolutions” around the world, continuously conducting espionage activities, said ...
- Apple and Google team up to tackle AirTag stalking
May 3, 2023
Apple and Google have teamed up to thwart people who try to track others using devices designed to help find lost keys and luggage. The rival tech giants do not often collaborate on new features for their smartphones, with a joint initiative to create contact tracing software during the pandemic one of few past examples. Read more… Source: ...
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
May 1, 2023
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-1389 TP-Link Archer AX-21 Command Injection Vulnerability CVE-2021-45046 Apache Log4j2 Deserialization of Untrusted Data Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans Related story: CISA Releases ...
- Cyber Attacks Hit in Massachusetts and South Carolina
May 1, 2023
Lowell, which is Massachusetts’ fourth largest city, discovered a cyber intrusion early last week, and its response saw many city systems taken offline. Meanwhile, Spartanburg County, S.C., was struck by ransomware, too. Spartanburg County, S.C., — a community of roughly 327,000 residents — suffered a ransomware attack last week, according to The Record. Essential services like ...
- T-Mobile discloses second data breach since the start of 2023
May 1, 2023
T-Mobile disclosed the second data breach of 2023 after discovering that attackers had access to the personal information of hundreds of customers for more than a month, starting late February 2023. Compared to previous data breaches reported by T-Mobile, the latest of which impacted 37 million people, this incident affected only 836 customers. Still, the amount ...

