Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New Jersey hospital paid ransomware gang $670K to prevent data leak
October 3, 2020
University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand this month to prevent the publishing of 240 GB of stolen data, including patient info. The attack on the hospital occurred in early September by a ransomware operation known as SunCrypt, who infiltrates a network, steals unencrypted files, and then encrypts all of ...
- XDSpy cyber-espionage group operated discretely for nine years
October 2, 2020
Researchers at ESET today published details about a threat actor that has been operating for at least nine years, yet their activity attracted almost no public attention. Going largely unnoticed for this long is a rare occurrence these days as malicious campaigns from long-standing adversaries overlap at one point or give sufficient clues for researchers to ...
- Ransomware: Gangs are shifting targets and upping their ransom demands
October 2, 2020
Ransomware attacks continue to grow, according to data from IBM, which also suggests that ransomware gangs are upping their ransomware demands and getting more sophisticated about how they calculate the ransom they try to extort. The number of ransomware attacks IBM’s Security X-Force Incident Response team were called in to deal with tripled in the second ...
- Emotet malware takes part in the 2020 U.S. elections
October 2, 2020
Emotet is now taking part in the United States 2020 Presidential election with a new spam campaign pretending to be from the Democratic National Convention’s Team Blue initiative. When the Emotet gang sends out spam, their main goal is to convince recipients to open the attached malicious document. This is usually done through email themes that ...
- Egregor Ransomware Threatens ‘Mass-Media’ Release of Corporate Data
October 2, 2020
A freshly discovered family of ransomware called Egregor has been spotted in the wild, using a tactic of siphoning off corporate information and threatening a “mass-media” release of it before encrypting all files. Egregor is an occult term meant to signify the collective energy or force of a group of individuals, especially when the individuals are ...
- Palo Alto Networks Unit 42 Discovers 27 New Vulnerabilities Across Microsoft Products
October 2, 2020
Palo Alto Networks Unit 42 threat researchers have been credited with discovering 27 new vulnerabilities addressed by the Microsoft Security Response Center (MSRC), as part of its last nine months of security update releases. Vulnerabilities The Microsoft vulnerabilities discovered included 27 vulnerabilities rated “important,” including Remote Code Execution, Privilege Elevation, Information Disclosure and one Denial of Service ...

