
21 matches found

The Hacker News
added yesterday · 7 views

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail,...

AI score 6 · Exploits 0
The Hacker News
added 2025/11/25 11:36 a.m. · 9 views

ToddyCat's New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool dubbed TCSectorCopy. "This attack allows them to obtain tokens for the OAuth 2.0 authorization protocol using the user's...

CVSS 8.4 · AI score 8.6 · EPSS 0.01802 · Exploits 0
Securelist
added 2025/11/21 10:00 a.m. · 7 views

ToddyCat: your hidden email assistant. Part 1

Introduction: Email remains the main means of business correspondence at organizations. It can be set up either using on-premises infrastructure (for example, by deploying Microsoft Exchange Server) or through cloud mail services such as Microsoft 365 or Gmail. However, some organizations do not...

AI score 6.6 · Exploits 0
The Hacker News
added 2025/04/09 11:38 a.m. · 46 views

New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner

A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB. "Previously unseen in ToddyCat attacks, TCESB is designed to stealthily execute payloads ...

CVSS 6.8 · AI score 7.2 · EPSS 0.57474 · Exploits 17
Securelist
added 2025/04/07 10:00 a.m. · 24 views

How ToddyCat tried to hide behind AV software

To hide their activity in infected systems, APT groups resort to various techniques to bypass defenses. Most of these techniques are well known and detectable by both EPP solutions and EDR threat-monitoring and response tools. For example, to hide their activity in Windows systems, cybercriminals...

CVSS 8.4 · AI score 8.2 · EPSS 0.01802 · Exploits 0
Positive Technologies
added 2025/01/21 12:00 a.m. · 4 views

PT-2025-15185

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A DLL Search Order Hijacking issue potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code. Recommendations: At the moment,...

CVSS 8.4 · AI score 9.2 · EPSS 0.01802 · Exploits 0 · References 41
hivepro
added 2024/04/25 5:50 a.m. · 13 views

ToddyCat’s Toolkit and Tactics Fueling Data Theft

...

AI score 7.3 · Exploits 0
The Hacker News
added 2024/04/22 3:11 p.m. · 34 views

ToddyCat Hacker Group Uses Advanced Tools for Industrial-Scale Data Theft

The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an "industrial scale" from...

AI score 6.9 · Exploits 0
Securelist
added 2024/04/22 10:00 a.m. · 43 views

ToddyCat is making holes in your infrastructure

We continue covering the activities of the APT group ToddyCat. In our previous article, we described tools for collecting and exfiltrating files LoFiSe and PcExter. This time, we have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts th...

AI score 7.6 · Exploits 0
The Hacker News
added 2023/11/13 5:58 a.m. · 49 views

Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations

Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. "This activity is believed to be part of a long-term espionage campaign," Palo Alto Networks Unit ...

AI score 7.5 · Exploits 0
The Hacker News
added 2023/10/13 11:53 a.m. · 52 views

Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration

The advanced persistent threat (APT) actor known as ToddyCat has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew's tactics and capabilities. The findings come from Kaspersky, which first shed light on the adversary...

AI score 7.1 · Exploits 0
Securelist
added 2023/10/12 10:00 a.m. · 54 views

ToddyCat: Keep calm and check logs

ToddyCat is an advanced APT actor that we described in a previous publication last year. The group started its activities in December 2020 and has been responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Our first publication was focused on their main tools,...

AI score 7.5 · Exploits 0
The Hacker News
added 2023/10/12 6:20 a.m. · 38 views

Researchers Uncover Ongoing Attacks Targeting Asian Governments and Telecom Giants

High-profile government and telecom entities in Asia have been targeted as part of an ongoing campaign since 2021 that's designed to deploy basic backdoors and loaders for delivering next-stage malware. Cybersecurity company Check Point is tracking the activity under the name Stayin' Alive. Targe...

AI score 7.5 · Exploits 0
Securelist
added 2023/07/27 10:00 a.m. · 92 views

APT trends report Q2 2023

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research, and they provide a representative snapshot of what we have published...

CVSS 9.3 · AI score 7.6 · EPSS 0.99945 · Exploits 33
Positive Technologies
added 2022/11/17 12:00 a.m. · 3 views

PT-2022-6232 · Apple +1 · Mdnsresponder.Exe +1

Name of the Vulnerable Software and Affected Versions: mDNSResponder.exe (affected versions not specified); Audinate Dante Application Library version ≤ 1.2.0. Description: The issue is related to a DLL Sideloading attack, where the executable improperly specifies how to load the DLL, from which fold...

CVSS 7.8 · AI score 9.4 · EPSS 0.09092 · Exploits 0 · References 12
Securelist
added 2022/08/15 12:00 p.m. · 68 views

IT threat evolution Q2 2022

IT threat evolution in Q2 2022 · IT threat evolution in Q2 2022. Non-mobile statistics · IT threat evolution in Q2 2022. Mobile statistics. Targeted attacks: New technique for installing fileless malware. Earlier this year, we discovered a malicious campaign that employed a new technique for installing...

CVSS 9.3 · AI score 1.1 · EPSS 0.99677 · Exploits 162
hivepro
added 2022/06/29 6:58 a.m. · 5 views

Vulnerabilities & Threats that Matter 20 June – 26 June 2022

Published Vulnerabilities: 413 · Interesting Vulnerabilities: 14 · Active Threat Groups: 4 · Targeted Countries: 121 · Targeted Industries: 19 · ATT&CK TTPs: 33. For a detailed threat digest, download the pdf file here. Summary: The last week of June 2022 witnessed the discovery of 413 vulnerabilities out of which ...

AI score 1.6 · Exploits 0
hivepro
added 2022/06/23 9:09 a.m. · 15 views

ToddyCat exploits unknown vulnerability in Microsoft Exchange servers to target entities in Europe and Asia

Threat Level · Actor Report. For a detailed advisory, download the pdf file here. Summary: ToddyCat, an APT group, is deploying web shells by exploiting an unknown vulnerability in Microsoft Exchange Servers. They are initiating a multi-stage infection that aims at governmental bodies in Europe and...

AI score 3.7 · Exploits 0
ThreatPost
added 2022/06/22 12:18 p.m. · 38 views

Elusive ToddyCat APT Targets Microsoft Exchange Servers

An advanced persistent threat (APT) group, dubbed ToddyCat, is believed to be behind a series of attacks targeting Microsoft Exchange servers of high-profile government and military installations in Asia and Europe. The campaigns, according to researchers, began in December 2020, and have been largely...

AI score 8 · Exploits 0 · References 5
The Hacker News
added 2022/06/21 1:22 p.m. · 32 views

New ToddyCat Hacker Group on Experts' Radar After Targeting MS Exchange Servers

An advanced persistent threat (APT) actor codenamed ToddyCat has been linked to a string of attacks aimed at government and military entities in Europe and Asia since at least December 2020. The relatively new adversarial collective is said to have commenced its operations by targeting Microsoft...

AI score 2.3 · Exploits 0