ToddyCat is a relatively new advanced persistent threat (APT) actor that came to prominence in late 2020, and has been expanding – both technologically and geographically – ever since. The group is notorious for exploiting Microsoft Exchange servers across Europe and Asia, primarily aiming at governmental and military entities, but not confined to them. ToddyCat’s toolkit also became an object of special interest as it contains two brand new pieces of malware – dubbed Samurai backdoor and Ninja Trojan.
Kaspersky experts have been tracking the group's development and, following an in-depth report published on Securelist, are ready to share their recent findings on ToddyCat’s ongoing campaign, along with some advice on how to defend against the group.
During the webinar, Giampaolo Dedola, a security expert at Kaspersky, will shed light on:
- What the ToddyCat group is, including its most notable techniques and spheres of interest;
- The group’s first campaign, infection scheme and Samurai backdoor;
- Ninja – malware deployed by ToddyCat in recent attacks;
- ToddyCat’s new loaders and campaigns discovered during the investigation;
- Victimology and attribution.