Security News > 2022 > June > New ToddyCat Hacker Group on Experts' Radar After Targeting MS Exchange Servers

An advanced persistent threat actor codenamed ToddyCat has been linked to a string of attacks aimed at high-profile entities in Europe and Asia since at least December 2020.

The relatively new adversarial collective is said to have commenced its operations by targeting Microsoft Exchange servers in Taiwan and Vietnam using an unknown exploit to deploy the China Chopper web shell and activate a multi-stage infection chain.

"The first wave of attacks exclusively targeted Microsoft Exchange Servers, which were compromised with Samurai, a sophisticated passive backdoor that usually works on ports 80 and 443," Russian cybersecurity company Kaspersky said in a report published today.

"The malware allows arbitrary C# code execution and is used with multiple modules that allow the attacker to administrate the remote system and move laterally inside the targeted network."

Despite the fact that ToddyCat victims are related to countries and sectors traditionally targeted by Chinese-speaking groups, there is no evidence tying the modus operandi to a known threat actor.

"ToddyCat is a sophisticated APT group that uses multiple techniques to avoid detection and thereby keeps a low profile," Kaspersky security researcher Giampaolo Dedola said.

News URL

https://thehackernews.com/2022/06/new-toddycat-hacker-group-on-experts.html