ToddyCat: your hidden email assistant. Part 2


Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Read more…
Source: Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • WhatsApp security flaw lets experts scrape 3.5 billion user numbers

    November 21, 2025

    WhatsApp users may need to take extra steps to protect their account information following a potentially concerning discovery. A study by researchers at the University of Vienna revealed the app’s contact-discovery system enabled the collection of extensive WhatsApp user data at an unprecedented scale due to insufficient rate-limiting across global endpoints. The researchers were able to ...

  • Logitech Confirms Data Breach After Cl0p, Linked to Oracle E-Business Suite Exploits, Takes Responsibility

    November 20, 2025

    Hardware and software solutions company Logitech has disclosed a data breach that exposed employee, customer, and supplier information. “Logitech International S.A. (“Logitech”) recently experienced a cybersecurity incident relating to the exfiltration of data,” the company stated. Read more… Source: CPO Magazine News Sign up for the Cyber Security Review Newsletter The latest cyber security news and insights delivered right to ...

  • Mac users warned about new DigitStealer information stealer

    November 19, 2025

    This variant comes with advanced detection-evasion techniques and a multi-stage attack chain. Most infostealers go after the same types of data and use similar methods to get it, but DigitStealer is different enough to warrant attention. A few things make it stand out: platform-specific targeting, fileless operation, and anti-analysis techniques. Together, they pose relatively new challenges ...

  • Understanding the future of offensive AI in cybersecurity

    November 19, 2025

    As we step into an era where artificial intelligence (AI) plays an increasingly significant role in cybersecurity, discussions surrounding its offensive capabilities are becoming more prominent. A recent report by Anthropic—a leading AI research lab—has sparked the latest conversation on this topic, with questions raised about their claim that an AI-assisted attack they observed was ...

  • Dutch government is relinquishing control of Chinese-owned chipmaker Nexperia

    November 19, 2025

    The Dutch government said it’s relinquishing control of Chinese-owned chipmaker Nexperia, easing a standoff between China and the Netherlands that threatened supplies of semiconductors vital for global auto manufacturing. Economics Affairs Minister Vincent Karremans said Wednesday that he was suspending an earlier order to take control of Nexperia under a rarely invoked law. Read more… Source: ABC News Sign ...

  • Myanmar: Authorities arrest nearly 350 in raids targeting illegal gambling and online scam centres on Thai border

    November 19, 2025

    On the morning of 18 November, security forces together with departmental teams conducted an operation in the Shwe Kokko area, located to the north of Myawady. First, they cleared three buildings that had been constructed without official permission. During the operation, 346 foreign nationals currently under scrutiny were arrested. Nearly ten thousand mobile phones used in ...