Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- World Leaks Ransomware Group Adds Stealthy, Custom Malware ‘RustyRocket’ to Attacks
February 12, 2026
World Leaks, the cyber-criminal data extortion group which has targeted some of the world’s biggest companies, has added a novel, never-before-seen malware to their arsenal, research by Accenture Cybersecurity has revealed. Accenture has named the malware ‘RustyRocket’. It allows World Leaks to stealthily maintain persistence on networks and forms a key part of the extortion groups’ ...
- Apple patches zero-day flaw that could let attackers take control of devices
February 12, 2026
Apple has released security updates for iPhones, iPads, Macs, Apple Watches, Apple TVs, and Safari, fixing, in particular, a zero-day flaw that is actively exploited in targeted attacks. Exploiting this zero-day flaw would allow cybercriminals to run any code they want on the affected device, potentially installing spyware or backdoors without the owner noticing. Installing these ...
- Hacker warns victims after leaking 6.8 billion emails online
February 12, 2026
A hacker claims to have obtained, and leaked, 6.8 billion unique email addresses – and although the claims are unverified at this time, initial reports indicate at least half of those emails are real. Researchers at Cybernews recently found a new post on a popular data leak forum created by a hacker with the alias Adkka72424 ...
- ISA warns of increasing cyber attacks against Israeli officials
February 11, 2026
The ISA and the National Cyber Directorate announced on Wednesday that they thwarted hundreds of cyberattack attempts over the past year carried out by Iranian intelligence operatives. According to the agencies, the attacks targeted senior government and defense officials, academics, journalists, and employees in the defense industry. A joint statement said a marked escalation in hostile ...
- RenEngine: When “free” comes at too high a price
February 11, 2026
Kaspersky researchers often describe cases of malware distribution under the guise of game cheats and pirated software. Sometimes such methods are used to spread complex malware that employs advanced techniques and sophisticated infection chains. In February 2026, researchers from Howler Cell announced the discovery of a mass campaign distributing pirated games infected with a previously unknown ...
- Patch Tuesday – February 2026
February 11, 2026
Microsoft is publishing 55 vulnerabilities this February 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for six of today’s vulnerabilities, and notes public disclosure for three of those. Earlier in the month, All three of the publicly disclosed zero-day vulnerabilities published today are security feature bypasses, and Microsoft acknowledges the same cast of ...

