ToddyCat APT Is Stealing Data on 'Industrial Scale'
- An advanced persistent threat (APT) group known as ToddyCat is actively targeting government and defense entities in the Asia-Pacific region, collecting data on an industrial scale. Researchers from Kaspersky have identified ToddyCat using multiple simultaneous connections to victim environments to maintain persistence and steal data. They have also uncovered new tools used by ToddyCat to enable data collection from victim systems and browsers, allowing attackers to maintain access even if one connection is discovered and eliminated. ToddyCat, likely Chinese-speaking, has been linked to attacks since at least December 2020, initially targeting organizations in Taiwan and Vietnam. However, attacks escalated following the public disclosure of ProxyLogon vulnerabilities in Microsoft Exchange Server in February 2021. Kaspersky suggests ToddyCat might have exploited ProxyLogon vulnerabilities even before February 2021, although evidence is lacking. In 2022, ToddyCat actors were found using sophisticated malware tools named Samurai and Ninja to distribute China Chopper, a well-known Web shell, on systems in Asia and Europe.
News source
https://www.darkreading.com/cyber-risk/-toddycat-apt-is-stealing-data-on-an-industrial-scale-