ToddyCat: your hidden email assistant. Part 2


Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting to access corporate correspondence while evading monitoring tools. However, all of the group’s methods Kaspersky described previously are effectively detected by EPP and EDR solutions.

The attackers continued their search for ways to bypass security solutions and developed a new tool to gain access to a victim’s cloud account via the Google API. Armed with this tool, the group automated all stages of the attack and managed to remain undetected by monitoring systems.

Read more…
Source: Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Russia’s Elite Hackers May Have New Phishing Tricks

    November 20, 2018

    A major question hanging over the United States midterm election season: Where was Russia? But while GRU hackersdidn’t directly interfere, they appear to be as active as ever. New research from two threat intelligence firms indicates that two prominent Russia-linked groups have been developing some clever phishing innovations, and are working purposefully to expand their reach. “There’s a lot of ramping ...

  • True Identity of Notorious Hacker tessa88 Revealed

    November 20, 2018

    In early 2016, a previously unknown hacker operating under the alias of tessa88 publicly emerged after offering an extensive list of compromised, high-profile databases for sale. The hacker offered for sale the databases of companies such as VKontakte, Mobango, Myspace, Badoo, QIP, Dropbox, Rambler, LinkedIn, and Twitter, among others. Within several months of incredibly active ...

  • Almost 50 Percent of 2018 Vulnerabilities Can Be Exploited Remotely

    November 20, 2018

    Approximately half of all vulnerabilities disclosed during 2018 come with a remote attack vector while only 13% of them require local access according to Risk Based Security’s 2018 Q3 Vulnerability Quick View Report. As reported by Risk Based Security, 16,172 vulnerabilities were published by their VulnDB team until the end of Q3 2018, with a 7% decrease when ...

  • A little phishing knowledge may be a dangerous thing

    November 19, 2018

    Phishing works more frequently on those who understand what social engineering is than on those who live in blissful ignorance, or so a studyof students at University of Maryland, Baltimore County suggests. Citing IBM data suggesting human error is a factor in 95 per cent of security incidents, researchers from the school’s department of computer science and electrical engineering ...

  • Hacking group returns, switches attacks from ransomware to trojan malware

    November 16, 2018

    A prolific hacking group has returned with a new campaign which looks to deliver a new remote access trojan (RAT) to victims in order to create a backdoor into PCs to steal credentials and banking information. The campaign is suspected to be the work of TA505, a well-resourced hacking group which has been active since at least 2014. ...

  • 0-Days Found in iPhone X, Samsung Galaxy S9, Xiaomi Mi6 Phones

    November 15, 2018

    At Pwn2Own 2018 mobile hacking competition held in Tokyo on November 13-14, white hat hackers once again demonstrated that even the fully patched smartphones running the latest version of software from popular smartphone manufacturers can be hacked. Three major flagship smartphones—iPhone X, Samsung Galaxy S9, and Xiaomi Mi6—were among the devices that successfully got hacked at ...