ToddyCat Threat Group Is Targeting Microsoft Exchange Servers in Asia and Europe
Police bust nine in the Netherlands for phishing, fraud, and scams, Ukraine CERT exposes two new hacking campaigns, Delivery company Yodel impacted by 'cyber incident,' much more
Researchers at Kaspersky Lab discovered that an advanced persistent threat (APT) group, ToddyCat, has been targeting Microsoft Exchange servers throughout Asia and Europe for over a year, since at least December 2020.
While tracking the group, the researchers also found a previously unknown passive backdoor they named Samurai and a new trojan dubbed Ninja Trojan, both of which let the attackers take control of infected systems and move laterally within victims' networks. Researchers at ESET spotted the group earlier and have been tracking it as a cluster of activity they dubbed Websiic, starting in March 2021. (Sergiu Gatlan / Bleeping Computer)
Related: Dark Reading, Decipher, Reddit - cybersecurity, Security Affairs, Infosecurity Magazine, The Hacker News, CSO Online, Securelist
A cross-border operation, supported by Europol and involving the Belgian Police and the Dutch Police (Politie), resulted in the dismantling of an organized crime group engaged in phishing, fraud, scams, and money laundering, and in the arrest of nine people in the Netherlands.
Europol confirmed that the group typically contacted victims through email, text messages, and mobile messaging applications. The group allegedly used money mules to get the money out of victim accounts, and some gang members are reportedly connected to drug and firearm trafficking. (Jonathan Greig / The Record)
Related: Europol, Politie, The Hacker News
Officials with the Computer Emergency Response Team of Ukraine (CERT-UA) exposed two new hacking campaigns against targets in the country this week, one using a phony tax collection document purportedly sent by the national tax agency and the other using a malicious document that discussed the threat of nuclear attack from Russia.
CERT-UA warned of a malicious Microsoft Word document titled “Imposition of penalties” distributed by email supposedly from the State Tax Service of Ukraine. If opened, the document would attempt to load a Cobalt Strike Beacon, giving the attacker remote command-and-control access to the compromised system. CERT-UA attributed the other attack, which used malicious code in a text file that sought to launch the CredoMap malware, to the Russian group APT28, also known as Fancy Bear. (AJ Vicens / Cyberscoop)
Related: Bloomberg, CERT.gov.ua, CIP.gov.ua, Bleeping Computer
Delivery company Yodel is experiencing service delays because of what it describes as a "cyber incident" affecting customer services and parcel tracking.
Craft beer retailer Beer Hawk uses Yodel to distribute deliveries and is one of the customers affected by the incident. "Yodel is currently experiencing service delays due to a system-wide outage," according to an update on Beer Hawk's website, which says the issues have been affecting their deliveries since at least Monday. (Danny Palmer / ZDNet)
Related: Techmonitor, The Tech Outlook, Macworld, IT PRO, Bleeping Computer, Heimdal Security Blog, SecureReading, The Sun, Infosecurity Magazine, The Register - Security, Beer Hawk, Computing, Liverpool Echo

Researchers at Minerva Labs found that Adobe Acrobat is trying to block security software from having visibility into the PDF files it opens, creating a security risk for the users.
Adobe confirmed that users have reported issues caused by DLL components (dynamic link libraries that security vendors inject into processes to hunt for malware) from some security products being incompatible with Adobe Acrobat’s use of the Chromium Embedded Framework (CEF) library. The company said it is working with these vendors to address the problem and “to ensure proper functionality with Acrobat's CEF sandbox design going forward.” (Ionut Ilascu / Bleeping Computer)
Related: Slashdot, Minerva Labs
Yuriy Kurmaz, CEO of Ukrtelecom, one of Ukraine’s leading internet and phone providers, said his employees decided to sabotage equipment rather than hand control to Russia in occupied territories.
Instead of giving Russians control, the company’s employees decided to delete crucial files from computers. Russian forces had attempted to seize parts of the telecom’s network by using a combination of hacking and physical intimidation. (Ryan Gallagher / Bloomberg)

Representative Sara Jacobs (D-CA) and Senators Mazie Hirono (D-HI) and Ron Wyden (D-OR) introduced legislation, the My Body, My Data Act, that would bar companies from retaining data about users’ reproductive health without consent.
The bill would also give people the power to demand companies disclose and delete the data, as well as the power to sue companies for violations of the law. (Rebecca Klar / The Hill)
Related: EFF
A tracking tool installed on many hospitals’ websites has been collecting patients’ sensitive health information, including details about their medical conditions, prescriptions, and doctor’s appointments, and sending it to Facebook.
The Markup tested the websites of Newsweek’s top 100 hospitals in America and found the tracker, called the Meta Pixel, on thirty-three of them. Whenever a person clicked a button to schedule a doctor’s appointment, the tracker sent a packet of data, tied to the visitor's IP address, to Facebook. Former regulators, health data security experts, and privacy advocates who reviewed The Markup’s findings said the hospitals in question may have violated the federal Health Insurance Portability and Accountability Act (HIPAA).
In a statement, a Facebook spokesperson said, “If Meta’s signals filtering systems detect that a business is sending potentially sensitive health data from their app or website through their use of Meta Business Tools, which in some cases can happen in error, that potentially sensitive data will be removed before it can be stored in our ads systems.” (Todd Feathers, Simon Fondrie-Teitler, Angie Waller, and Surya Mattu / The Markup)
Related: S.C. Magazine, GovInfoSecurity.com, STAT
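For site owners who want to check their own pages for the pattern described above, here is an added example (not code from The Markup or from any hospital website) of a small static scanner. It looks for the Meta Pixel's loader script (`connect.facebook.net/.../fbevents.js`) and for `fbq('init', ...)` / `fbq('track', ...)` calls, and flags pages that combine the pixel with appointment-scheduling content. The sample page and the pixel ID in it are constructed for this example; the loader URL and `fbq()` call shape are the standard Meta Pixel snippet conventions.

```javascript
// Added example: static scan of a page's HTML for Meta Pixel usage.
// Not from The Markup's report or any hospital site; SAMPLE_PAGE is constructed.

// Loader script the standard pixel snippet injects (locale segment varies).
const PIXEL_LOADER = /connect\.facebook\.net\/[a-z_]+\/fbevents\.js/i;
// fbq('<verb>', '<argument>', ...) calls, e.g. fbq('init', '<id>') or fbq('track', 'PageView').
const FBQ_CALL = /fbq\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]*)['"]/g;
// Words that suggest an appointment-booking flow on the page.
const BOOKING_HINT = /schedule|appointment/i;

function scanForMetaPixel(html) {
  const result = {
    loaderPresent: PIXEL_LOADER.test(html),
    pixelIds: [],   // IDs passed to fbq('init', ...)
    events: [],     // event names passed to fbq('track'/'trackCustom', ...)
    bookingFormTracked: false,
  };
  for (const m of html.matchAll(FBQ_CALL)) {
    const [, verb, arg] = m;
    if (verb === 'init') result.pixelIds.push(arg);
    else if (verb === 'track' || verb === 'trackCustom') result.events.push(arg);
  }
  // The pattern a privacy review should flag: the pixel is loaded, events are
  // sent, and the page carries appointment-scheduling content.
  result.bookingFormTracked =
    result.loaderPresent && result.events.length > 0 && BOOKING_HINT.test(html);
  return result;
}

// Constructed sample: a hospital-style booking page with a pixel snippet.
// The pixel ID 1234567890 is a placeholder, not a real account.
const SAMPLE_PAGE = `
<html><head>
<script async src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script>
  fbq('init', '1234567890');
  fbq('track', 'PageView');
</script>
</head><body>
<form id="schedule">
  <button onclick="fbq('track', 'Schedule')">Schedule appointment</button>
</form>
</body></html>`;

const report = scanForMetaPixel(SAMPLE_PAGE);
console.log(JSON.stringify(report, null, 2));
```

Run it with `node` against saved HTML to get a quick inventory; a page that reports `bookingFormTracked: true` is one where button clicks on the booking flow are being forwarded to Meta, which is the situation The Markup's findings describe. Pixels injected at runtime by a tag manager will not show up in a static scan, so a browser-side check of outbound requests is still needed for a full audit.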
China’s ambition to collect a staggering amount of personal data from everyday citizens is more expansive than previously known, with phone tracking devices everywhere, massive DNA databases, and facial and voice recognition technology used against the general population.
An extensive investigation by the New York Times Visual Investigations team and reporters in Asia found that, among other things, Chinese police analyze human behaviors to ensure facial recognition cameras capture as much activity as possible, authorities are using phone trackers to link people’s digital lives to their physical movements, and DNA, iris scan samples and voice prints are being collected indiscriminately from people with no connection to crime. (Isabelle Qian, Muyi Xiao, Paul Mozur, and Alexander Cardia / New York Times)


Russia’s failure so far to gain the upper hand in cyber conflict is a consequence of a quiet partnership of the world’s biggest technology companies, U.S. and NATO intelligence agencies, and Ukraine’s own army of hackers.
Despite a volley of destructive cyberattacks by Russia, including one aimed at satellite provider Viasat, Ukraine, working with private tech companies, Western intelligence, and its expert software engineers, has quickly fixed most of the damage. Moreover, the close partnerships between U.S. technology companies and Western cybersecurity agencies are one of the unheralded stories of the war. (David Ignatius / Washington Post)

Threat intelligence company Cyberint has raised $40 million in a venture capital funding round.
StageOne Late Stage Arm, Neva SGR, and Viola Growth led the round with the participation of all existing investors. (Abiola Ayodele / Venture Beat)
Related: VentureBeat, Security Week, NoCamels, FinSMEs
Image from Microsoft Office team, Public domain, via Wikimedia Commons