The Cyber Security News

New ToddyCat APT targets MS Exchange servers in Europe, Asia

June 21, 2022

Kaspersky researchers have uncovered a new advanced persistent threat (APT) targeting Microsoft’s Exchange servers in Europe and Asia.

Dubbed ToddyCat, the APT actor is said to be employing two previously unknown tools that Kaspersky has named ‘Samurai backdoor’ and ‘Ninja Trojan,’ respectively.

According to the security researchers, ToddyCat first began its activities in December 2020, compromising selected Exchange servers in Taiwan and Vietnam through an unknown exploit that ultimately led to the execution of the passive backdoor Samurai.


“During the first period, between December 2020 and February 2021, the group targeted a very limited number of servers in Taiwan and Vietnam, related to three organizations,” Kaspersky wrote in its SecureList blog.

“From February 26 until early March, we observed a rapid escalation and the attacker abusing the ProxyLogon vulnerability to compromise multiple organizations across Europe and Asia.”

Telemetry gathered by Kaspersky indicates that the affected organizations were both governmental and military, suggesting that ToddyCat is “focused on very high-profile targets and is probably used to achieve critical goals, likely related to geopolitical interests.”

For context, researchers from ESET as well as from the Vietnamese company GTSC independently appear to have spotted early signs of ToddyCat’s infections around the same time as Kaspersky.

“That said, as far as we know, none of the public accounts described sightings of the full infection chain or later stages of the malware deployed as part of this group’s operation,” the cybersecurity experts wrote.

While the first wave of attacks exclusively targeted Microsoft Exchange Servers by means of the Samurai backdoor, some of these attacks saw the deployment of another sophisticated malicious program: Ninja.

“This tool is probably a component of an unknown post-exploitation toolkit exclusively used by ToddyCat,” Kaspersky explained.

From a technical standpoint, Ninja appears to be a collaborative tool allowing multiple operators to work on the same machine simultaneously.

“It provides a large set of commands, which allow the attackers to control remote systems, avoid detection and penetrate deep inside a targeted network,” Kaspersky reported.

Some of them, akin to those provided in other notorious post-exploitation toolkits, include the ability to control the HTTP indicators and camouflage malicious traffic in HTTP requests.

“ToddyCat is a sophisticated APT group that uses multiple techniques to avoid detection and thereby keeps a low profile,” the Kaspersky post reads.

“We’ll continue to monitor this group and keep you updated,” the researchers concluded.


Some sections of this article are sourced from:
www.infosecurity-magazine.com
