ToddyCat: your hidden email assistant. Part 2


Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Read more…
Source: Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • New SectopRAT Trojan creates hidden second desktop to control browser sessions

    November 21, 2019

    A new Trojan, SectopRAT, has appeared in the wild which is able to launch a hidden secondary desktop to control browser sessions on infected machines. The new malware was first spotted by MalwareHunterTeam. In a tweet on 15 November, MalwareHunterTeam said the C# malware, compiled on 13 November, was able to “create hidden desktop and run ...

  • High-Severity Windows UAC Flaw Enables Privilege Escalation

    November 20, 2019

    Researchers disclosed details of a high-severity Microsoft Windows vulnerability that could give attackers elevated privileges – ultimately allowing them to install programs, and view, change or delete data. The bug stems from User Account Control (UAC), a security feature of Windows within Secure Desktop which helps prevent unauthorized changes to the operating system. “With UAC fully ...

  • Thousands of businesses vulnerable to ‘severe’ Oracle EBS flaws

    November 20, 2019

    Security researchers at Onapsis have discovered a number of ‘severe’ vulnerabilities in Oracle’s E-Business Suite (EBS) that could leave more than 21,000 organisations at risk of financial theft and fraud. Oracle EBS has become a critical set of products that help to integrate customer relationship management (CRM), enterprise resource planning (ERP) and supply chain management processes within a ...

  • ICS Cyberwarfare: The Latest Threat to America’s Power Grid

    November 20, 2019

    The modern world is dependent on electricity, and the United States is no exception. I remember the notorious blackouts that affected the eastern U.S. and Canada in August 2003. The duration of the mass power outage lasted anywhere between several hours and a week depending on where you were. I was in Hamilton, Canada, and ...

  • Mac Backdoor Linked to Lazarus Targets Korean Users

    November 20, 2019

    Criminal interest in MacOS continues to grow, with malware authors churning out more threats that target users of the popular OS. Case in point: A new variant of a Mac backdoor (detected by Trend Micro as Backdoor.MacOS.NUKESPED.A) attributed to the cybercriminal group Lazarus, which was observed targeting Korean users with a macro-embedded Microsoft Excel spreadsheet. Similarities to an ...

  • NSA Publishes Advisory Addressing Encrypted Traffic Inspection TLCRisks

    November 19, 2019

    The National Security Agency (NSA) published an advisory that addresses the risks behind Transport Layer Security Inspection (TLSI) and provides mitigation measures for weakened security in organizations that use TLSI products. TLSI (aka TLS break and inspect) is the process through which enterprises can inspect encrypted traffic with the help of a dedicated product such as a proxy ...