ToddyCat: your hidden email assistant. Part 2


Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Read more…
Source: Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Netgear Won’t Patch 45 Router Models Vulnerable to Serious Flaw

    August 4, 2020

    Netgear will not patch 45 router models that are vulnerable to a high-severity remote code execution flaw, the router company revealed last week. However, the company says that routers that won’t receive updates are outdated or have reached EOL (End of Life). The remote code execution vulnerability in question, which was disclosed June 15, allows network-adjacent ...

  • UK: Russian hackers stole trade papers from Liam Fox email

    August 3, 2020

    Documents on UK-US trade talks, leaked ahead of the 2019 general election, were stolen from an email account belonging to Conservative MP Liam Fox, it has emerged. The papers were published online and used by Labour in the 2019 campaign to claim the NHS would be put at risk. The UK government has said Russians almost certainly ...

  • CISA, DOD, FBI expose new versions of Chinese malware strain named Taidoor

    August 3, 2020

    Three agencies of the US government have published today a joint alert alerting US private entities about new versions of Taidoor, a malware family previously associated with Chinese state-sponsored hackers. The alert has been authored by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA), the Department of Defense’s Cyber Command (CyberCom), and ...

  • GandCrab ransomware distributor arrested in Belarus

    August 3, 2020

    In a press release last week, the Minister of Internal Affairs of Belarus announced the arrest of a 31-year-old man on charges of distributing the GandCrab ransomware. The man, whose name was not released, was arrested in Gomel, a small city in southeastern Belarus, at the intersection with the Russian and Ukraine border. Authorities said the man ...

  • FBI sees surge in online shopping scams, FTC says most reports ever

    August 3, 2020

    The U.S. Federal Bureau of Investigation (FBI) today warned of an increased number of reports coming from victims of online shopping scams. The public service announcement, published on the agency’s Internet Crime Complaint Center (IC3), says that the scam victims report that they found the scammers’ websites either via direct searches on popular web search engines ...

  • Take a “NetWalk” on the Wild Side

    August 3, 2020

    The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. Since then, new variants were discovered throughout 2019 and the beginning of 2020, with a strong uptick noticed in March of this year. NetWalker has noticeably evolved to a more stable and robust ransomware-as-a-service (RaaS) model, and our research suggests that the malware ...