ToddyCat: your hidden email assistant. Part 2


Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Read more…
Source: Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Transparent Tribe: Evolution analysis, part 2

    August 26, 2020

    Transparent Tribe, also known as PROJECTM or MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. In the last four years, this APT group has never taken time off. They continue to hit their targets, which typically are Indian military and government personnel. This is the second of ...

  • Hackers for hire attack architecture firm via 3ds Max exploit

    August 26, 2020

    An advanced hackers-for-hire group has compromised computers of an architecture firm involved in luxury real-estate projects worth billions of US dollars. The group carries out espionage operations, the attack vector being a malicious plugin for the Autodesk 3ds Max software for creating professional 3D computer graphics. According to an investigation from Bitdefender, the unnamed victim is an ...

  • Security researcher discloses Safari bug after Apple delays patch

    August 25, 2020

    A security researcher has published details today about a Safari browser bug that could be abused to leak or steal files from users’ devices. The bug was discovered by Pawel Wylecial, co-founder of Polish security firm REDTEAM.PL. Wylecial initially reported the bug to Apple earlier this spring, in April, but the researcher decided to go public with ...

  • Lazarus group strikes cryptocurrency firm through LinkedIn job adverts

    August 25, 2020

    The Lazarus group is on the hunt for cryptocurrency once more and has now launched a targeted attack against a crypto organization by exploiting the human element of the corporate chain. On Tuesday, cybersecurity researchers from F-Secure said the cryptocurrency organization is one of the latest victims in a global campaign which has targeted businesses in ...

  • Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites

    August 25, 2020

    It has now become a mainstream tactic for big ransomware groups to create so-called “leak sites” where they upload and leak sensitive documents from companies who refuse to pay the ransomware decryption fee. These “leak sites” are part of a new trend forming on the cybercriminal underground where ransomware groups are adopting a new tactic called ...

  • Brute-force cyberattacks on the rise in Brazil

    August 24, 2020

    Brazil has seen a spike in brute-force cyberattacks driven by the increase in remote working, according to a new report on security threats in the first six months of 2020. More than 2.6 billion attempts at cyber attacks have been recorded by cybersecurity firm Fortinet from January to June, out of a total of 15 billion ...