ToddyCat Threat Group Is Targeting Microsoft Exchange Servers in Asia and Europe
Police bust nine in the Netherlands for phishing, fraud, and scams, Ukraine CERT exposes two new hacking campaigns, Delivery company Yodel impacted by 'cyber incident,' much more
Metacurity is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.
Researchers at Kaspersky Lab discovered that an advanced persistent threat (APT) group, ToddyCat, has been targeting Microsoft Exchange servers throughout Asia and Europe for over a year, since at least December 2020.
While tracking the group, the researchers also found a previously unknown passive backdoor they named Samurai and a new trojan dubbed Ninja Trojan, both of which allow the attackers to take control of infected systems and move laterally within the victims' networks. Researchers at ESET spotted the group earlier and have been tracking it as a cluster of activity they dubbed Websiic, starting in March 2021. (Sergiu Gatlan / Bleeping Computer)
Related: Dark Reading, Decipher, Reddit - cybersecurity, Security Affairs, Infosecurity Magazine, The Hacker News, CSO Online, Securelist
A cross-border operation, supported by Europol and involving…