ToddyCat APT Is Stealing Data on ‘Industrial Scale’

April 22, 2024 at 05:20PM ToddyCat, an APT group, collects data on an industrial scale from government and defense targets in the Asia-Pacific region. They use multiple simultaneous connections to steal data and maintain access, and have links to attacks going back to at least December 2020. Kaspersky recommends specific actions for organizations to protect …

Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft

April 22, 2024 at 11:30AM Russian cyber firm Kaspersky reports the activities of threat actor ToddyCat, who targets primarily governmental and defense-related organizations in the Asia-Pacific region. The adversary employs various tools and techniques for large-scale data harvesting and data exfiltration, including passive backdoors and tunneling data gathering software to bypass defenses and access sensitive …

Researchers Unveil ToddyCat’s New Set of Tools for Data Exfiltration

October 13, 2023 at 08:30AM The APT actor ToddyCat has been linked to new malicious tools used for data exfiltration, providing insight into their tactics. Kaspersky discovered the group last year, connecting it to attacks on high-profile entities in Europe and Asia. The tools include loaders, a Trojan, a file collection tool, a Dropbox uploader, …

ToddyCat hackers use ‘disposable’ malware to target Asian telecoms

October 12, 2023 at 10:34AM A campaign known as “Stayin’ Alive” has been targeting government organizations and telecom service providers in Asia with disposable malware since 2021, according to cybersecurity firm Check Point. The attacks originate from the Chinese group ToddyCat and use spear-phishing emails to distribute malware loaders and backdoors. Check Point believes there …

Researchers Uncover Ongoing Attacks Targeting Asian Governments and Telecom Giants

October 12, 2023 at 03:42AM A cyber attack campaign named Stayin’ Alive is targeting government and telecom entities in Asia using basic backdoors and loaders for delivering malware. The campaign’s infrastructure is similar to that used by ToddyCat, a China-linked threat actor known for cyber assaults in Europe and Asia. The attacks start with a …

Chinese ‘Stayin’ Alive’ Attacks Dance onto Targets With Dumb Malware

October 11, 2023 at 05:23PM Chinese APT group “ToddyCat” is using simple but constantly evolving custom backdoors and loaders to target telecommunications organizations in Central and Southeast Asia. The group, previously linked to Chinese espionage operations, uses spear phishing emails with archive files to exploit a DLL sideloading vulnerability. While the malware used by ToddyCat …