Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Online crime in Africa a bigger threat than ever before, INTERPOL report warns
August 14, 2020
Despite lower online connectivity, organized crime groups are using online tools for a range of illicit activities A new INTERPOL report on online organized crime in Africa shows how digitalization is transforming almost every major crime area across the continent. “Online crime now represents a bigger security issue for law enforcement in Africa than ever before,” reads ...
- Patch List: Adobe, Citrix, Intel, and vBulletin Vulns
August 14, 2020
Vulnerabilities expose enterprises’ systems to compromise. Now that many employees are working from home and operating devices outside the more secure office environments, the need to patch vulnerabilities as soon as they are discovered has become even more pressing. Aside from Microsoft, the following vendors also released patches recently: Adobe, Citrix, Intel, and vBulletin. We rounded ...
- FBI and NSA expose new Linux malware Drovorub, used by Russian state hackers
August 13, 2020
The FBI and NSA have published today a joint security alert containing details about a new strain of Linux malware that the two agencies say was developed and deployed in real-world attacks by Russia’s military hackers. The two agencies say Russian hackers used the malware, named Drovorub, was to plant backdoors inside hacked networks. Based on evidence ...
- XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
August 13, 2020
Trend Micro has discovered an unusual infection related to Xcode developer projects. Upon further investigation, we discovered that a developer’s Xcode project at large contained the source malware, which leads to a rabbit hole of malicious payloads. Most notable in our investigation is the discovery of two zero-day exploits: one is used to steal cookies ...
- CactusPete APT group’s updated Bisonal backdoor
August 13, 2020
CactusPete (also known as Karma Panda or Tonto Team) is an APT group that has been publicly known since at least 2013. Some of the group’s activities have been previously described in public by multiple sources. We have been investigating and privately reporting on this group’s activity for years as well. Historically, their activity has ...
- RedCurl cybercrime group has hacked companies for three years
August 13, 2020
Security researchers have uncovered a new Russian-speaking hacking group that they claim has been focusing on the past three years on corporate espionage, targeting companies across the world to steal documents that contain commercial secrets and employee personal data. Named RedCurl, the activities of this new group have been detailed in a 57-page report released today ...

