ToddyCat: your hidden email assistant. Part 2


Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Read more…
Source: Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Group of unskilled Iranian hackers behind recent attacks with Dharma ransomware

    August 24, 2020

    Cyber-security firm Group-IB says it identified a group of low-skilled hackers operating out of Iran that has been launching attacks against companies in Asia and attempting to encrypt their networks with a version of the Dharma ransomware. The attacks have targeted companies located in Russia, Japan, China, and India, according to a report Group-IB researchers published ...

  • Lifting the veil on DeathStalker, a mercenary triumvirate

    August 24, 2020

    State-sponsored threat actors and sophisticated attacks are often in the spotlight. Indeed, their innovative techniques, advanced malware platforms and 0-day exploit chains capture our collective imagination. Yet these groups still aren’t likely to be a part of the risk model at most companies, nor should they be. Businesses today are faced with an array of much ...

  • FBI and CISA warn of major wave of vishing attacks targeting teleworkers

    August 22, 2020

    The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint security advisory on Thursday, warning about an ongoing wave of vishing attacks targeting the US private sector. Vishing, or voice phishing, is a form of social engineering where criminals call victims to obtain desired information, usually posing as ...

  • DarkSide: New targeted ransomware demands million dollar ransoms

    August 21, 2020

    A new ransomware operation named DarkSide began attacking organizations earlier this month with customized attacks that have already earned them million-dollar payouts. Starting around August 10th, 2020, the new ransomware operation began performing targeted attacks against numerous companies. In a “press release” issued by the threat actors, they claim to be former affiliates who had made millions ...

  • Diving Into End-to-End Deep Learning for Cybersecurity

    August 21, 2020

    The application of artificial intelligence (AI) across various industries has undeniably made significant improvements in the digital era. With the capability to interpret and make complex decisions based on data, AI technologies have enabled tasks or processes to function with human-like intelligence, enhancing the speed of and innovating business operations and adding valuable user experiences. The ...

  • Transparent Tribe: Evolution analysis, part 1

    August 20, 2020

    Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group. We have periodically reported their activities through our APT ...