ToddyCat: your hidden email assistant. Part 2


Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Read more…
Source: Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • How Wi-Fi spy drones snooped on financial firm

    October 12, 2022

    Modified off-the-shelf drones have been found carrying wireless network-intrusion kit in a very unlikely place. The idea of using consumer-oriented drones for hacking has been explored over the past decade at security conferences like Black Hat 2016, in both the US and in Europe. Naomi Wu, a DIY tech enthusiast, demonstrated a related project called Screaming ...

  • Hacking group POLONIUM uses ‘Creepy’ malware against Israel

    October 11, 2022

    Security researchers reveal previously unknown malware used by the cyber espionage hacking group ‘POLONIUM,’ threat actors who appear to target Israeli organizations exclusively. According to ESET, POLONIUM uses a broad range of custom malware against engineering, IT, law, communications, marketing, and insurance firms in Israel. The group’s campaigns are still active at the time of writing. Microsoft’s ...

  • Two Former eBay Employees Sentenced for Aggressive Cyberstalking Campaign

    October 11, 2022

    BOSTON – Two former employees of eBay, Inc. were sentenced today for their roles in a cyberstalking campaign targeting the editor and publisher of a newsletter that eBay executives viewed as critical of the company. Stephanie Popp, 34, of Louisville, Ky., eBay’s former Senior Manager of Global Intelligence, was sentenced to one year and one ...

  • Hackers took down U.S. airport web sites, Department of Homeland Security confirms

    October 10, 2022

    Unknown hackers attacked and temporarily shut down the public-facing websites of at least several major U.S. airports on Monday, a Department of Homeland Security official confirmed to USA TODAY. The official from DHS’ Cybersecurity and Infrastructure Security Agency or CISA, declined to comment on who might have been behind what appeared to be a coordinated series ...

  • Intel Alder Lake BIOS code leak may contain vital secrets

    October 10, 2022

    Source code for the BIOS used with Intel’s 12th-gen Core processors has been leaked online, possibly including details of undocumented model-specific registers (MSRs) and even the private signing key for Intel’s Boot Guard security technology. The source code was apparently shared via 4chan and GitHub, in a file containing tools and code for generating and optimizing ...

  • Criminal multitool LilithBot arrives on malware-as-a-service scene

    October 10, 2022

    A Russia based threat group that set up a malware distribution shop earlier this year is behind a Swiss Army knife-like botnet that comes with a range of other malicious capabilities, from stealing information to mining cryptocurrency. That’s according to researchers at Zscaler’s ThreatLabz threat intelligence unit. It said the Eternity group – also known as ...