Researchers Unveil ToddyCat’s New Set of Tools for Data Exfiltration

Researchers from Kaspersky have uncovered a new set of malicious tools developed by the advanced persistent threat (APT) group ToddyCat for data exfiltration. ToddyCat, previously linked to attacks on high-profile organizations in Europe and Asia, has used a range of malware, including the Ninja Trojan and the Samurai backdoor. The newly discovered tools include loaders that launch the Ninja Trojan, a file collector called LoFiSe, a Dropbox uploader for stolen data, and a tool called Pcexter that exfiltrates archive files to Microsoft OneDrive. ToddyCat has also been observed using custom scripts, a passive backdoor, Cobalt Strike for post-exploitation, and compromised domain admin credentials for lateral movement. The findings coincide with Check Point’s revelation that government and telecom entities in Asia have been targeted by a separate ongoing campaign that shares infrastructure with ToddyCat.
