Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.
The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- FTCODE Ransomware Now Steals Chrome, Firefox Credentials
January 21, 2020
FTCODE, a PowerShell-based ransomware that targets Italian-language users, has added new capabilities, including the ability to swipe saved web browser and email client credentials from victims. Samples of the ransomware, which has been around since 2013, were recently observed in September 2019. After further analysis, researchers say new versions of the ransomware now aim to steal credentials from Internet Explorer ...
- 16Shop Phishing Gang Goes After PayPal Users
January 21, 2020
A prolific phishing gang known as 16Shop has added PayPal customers to its target set. According to researchers at the ZeroFOX Alpha Team, the latest version of the group’s phishing kit is designed with a number of features that are aimed to steal as much personally identifiable information (PII) as possible from users of the popular ...
- Mitsubishi Electric discloses security breach, China is main suspect
January 20, 2020
In a short statement published today on its website, Mitsubishi Electric, one of the world’s largest electronics and electrical equipment manufacturing firms, disclosed a major security breach. Although the breach occurred last year, on June 28, and an official internal investigation began in September, the Tokyo-based corporation disclosed the security incident today, only after two local newspapers, the Asahi ...
- Emotet Malware Dabbles in Extortion With New Spam Template
January 20, 2020
The Emotet malware has started using a spam template that pretends to be an extortion demand from a “Hacker” who states that they hacked the recipient’s computer and stole their data. Emotet is spread through spam emails that commonly use templates based around a particular theme such as shipping information, voice mails, scanned documents, reports, and ...
- Blocking A CurveBall: PoCs Out for Critical Microsoft-NSA Bug CVE-2020-0601
January 17, 2020
Security researchers have released proof-of-concept (PoC) codes for exploiting CurveBall (CVE-2020-0601), the first bug that the National Security Agency (NSA) reported. Included in this year’s first cycle of Patch Tuesday updates, the vulnerability affects Windows operating systems’ CryptoAPI’s validation of Elliptic Curve Cryptography (ECC) certificates and Public Key Infrastructure (PKI) trust. Enterprises and users are advised to patch their ...
- FBI Says State Actors Hacked US Govt Network With Pulse VPN Flaw
January 17, 2020
FBI said in a flash security alert that nation-state actors have breached the networks of a US municipal government and a US financial entity by exploiting a critical vulnerability affecting Pulse Secure VPN servers. The US Cybersecurity and Infrastructure Security Agency (CISA) previously alerted organizations on January 10 to patch their Pulse Secure VPN servers against ongoing attacks trying to exploit the ...

