ToddyCat: your hidden email assistant. Part 2


Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Read more…
Source: Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Critical Bugs in Utilities VPNs Could Cause Physical Damage

    July 29, 2020

    Remote code-execution vulnerabilities in virtual private network (VPN) products could impact the physical functioning of critical infrastructure in the oil and gas, water and electric utilities space, according to researchers. Researchers at Claroty found that VPNs used to provide remote access to operational technology (OT) networks in industrial systems are vulnerable to an array of security ...

  • Foreseeing cyber vulnerabilities of nuclear facilities in South Asia

    July 29, 2020

    In this era of rapidly evolving technology, nuclear facilities are exposed to dynamic and evolving spectrum of cyber vulnerabilities. Cyber-attacks on nuclear facilities are a matter of concern and it’s not for the first time that a cyber-attack has been carried out. Such as attack on nuclear program of Iran to serve the purpose of ...

  • Maritime cyber attacks increase by 900% in three years

    July 29, 2020

    Cyber attacks on the maritime industry’s operational technology (OT) systems have increased by 900% over the last three years with the number of reported incidents set to reach record volumes by year end. Addressing port and terminal operators during an online forum last week, Robert Rizika, Naval Dome’s Boston-based Head of North American Operations, explained that ...

  • Emotet malware now steals your email attachments to attack contacts

    July 29, 2020

    The Emotet malware botnet is now also using stolen attachments to increase the authenticity of spam emails used for infecting targets’ systems. This is the first time the botnet is using stolen attachments to add credibility to emails as Binary Defense threat researcher James Quinn told BleepingComputer. The attachment stealer module code — that also steals email ...

  • Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902

    July 28, 2020

    Following the initial disclosure of two F5 BIG-IP vulnerabilities on the first week of July, we continued monitoring and analyzing the vulnerabilities and other related activities to further understand their severities. Based on the workaround published for CVE-2020-5902, we found an internet of things (IoT) Mirai botnet downloader (detected by Trend Micro as Trojan.SH.MIRAI.BOI) that ...

  • Lazarus on the hunt for big game

    July 28, 2020

    We may only be six months in, but there’s little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks. By investigating a number of these incidents and through discussions with some of our ...