Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 2022 CWE Top 25 Most Dangerous Software Weaknesses
June 28, 2022
The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The list uses data from the National Vulnerability Database to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An ...
- De-anonymizing ransomware domains on the dark web
June 28, 2022
Ransomware operators typically constrain their activities to the dark web to conceal their illegal activities. Their public leak sites and victim communication portals are accessible only on The Onion Router (TOR) network via a specific URL that is only available via direct disclosure. This limits access to fellow operators, victims and security researchers who track ...
- Evilnum hackers return in new operation targeting migration orgs
June 28, 2022
The Evilnum hacking group is showing renewed signs of malicious activity, targeting European organizations that are involved in international migration. Evilnum is an APT (advanced persistent threat) that has been active since at least 2018 and had its campaign and tools exposed only recently, in 2020. At that time, ESET published a technical report describing the threat ...
- Raccoon Stealer is back with a new version to steal your passwords
June 28, 2022
The Raccoon Stealer malware is back with a second major version circulating on cybercrime forums, offering hackers elevated password-stealing functionality and upgraded operational capacity. The Raccoon Stealer operation shut down in March 2022 when its operators announced that one of the lead developers was killed during Russia’s invasion of Ukraine. The remaining team promised to return with ...
- Russian cyber attack on Lithuania unlikely to provoke military response
June 28, 2022
A NATO member is under attack. Normally the meaning of this would be frighteningly clear, but this is an attack with a difference: not a physical attack, but a cyber attack; and working out what a cyber attack means is never simple. The NATO member in question is the Baltic state of Lithuania, which was targeted on ...
- Conti vs. LockBit: A Comparative Analysis of Ransomware Groups
June 27, 2022
Trend Micro has been monitoring the leak sites of multiple ransomware groups since November 2019 and continuously looking at the number and composition of organizations that have been victimized and whose information has been publicized by these groups. As a result of their research thus far, Conti and LockBit stand out in terms of their ...

