Elusive group ToddyCat refines techniques for large-scale data theft

ToddyCat, an advanced persistent threat (APT) group that targets the government and defense sectors, has been observed hoovering up stolen data “on an industrial scale” from victim organizations in the Asia-Pacific region.

Researchers from Kaspersky first published details of the elusive gang’s activities in 2022, although it is known to have been operating since December 2020.

ToddyCat is believed to be a Chinese-speaking gang, but its origins and affiliations are unclear.

In its early days, the threat group targeted a small number of organizations in Taiwan and Vietnam. It expanded the scope of its attacks, targeting numerous European and Asian organizations, when the ProxyLogon vulnerabilities in Microsoft Exchange Server were disclosed in early 2021. ToddyCat enhanced its toolset and techniques in 2023, and carried out a prolonged campaign against government entities and telecommunications providers in several Asian countries.

In Kaspersky’s latest analysis of the group, published this week, researchers Andrey Gunkin, Alexander Fedotov, and Natalya Shornikova outlined the tools the gang had been observed using recently to exfiltrate vast amounts of data.

“During the observation period, we noted that this group stole data on an industrial scale,” they wrote.

“To collect large volumes of data from many hosts, attackers need to automate the data harvesting process as much as possible, and provide several alternative means to continuously access and monitor systems they attack.”