The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Cybersecurity investigators characterized the adversary as relying on various programs to harvest data on an "industrial scale", primarily from governmental organizations, some of them defense-related, located in the Asia-Pacific region. To collect large volumes of data from many hosts, attackers need to automate the data harvesting process as m
toddycat (3)
The advanced persistent threat (APT) actor known as ToddyCat has been linked to a new set of malicious tools designed for data exfiltration, offering deeper insight into the hacking crew's tactics and capabilities. ToddyCat is a Chinese APT actor that has launched a campaign against the telecom and government sectors in Asian countries. The campaign has been named "Stayin' Alive." The Stayin' Alive campaign consists mostly of downloaders and loaders, some of which are used as an initial
Activity Summary - Week Ending on 8 July 2022:
- Red Sky Alliance identified 24,005 connections from new IPs checking in with our Sinkholes
- DigitalOcean hit 103 times
- Analysts identified 1,557 new IP addresses participating in various Botnets
- ShadowPad
- ToddyCat
- Toll Fraud Malware
- Marriott International
- Ukraine, Dark Crystal RAT
- Crema Finance
- Maui Ransomware
Link to full report: IR-22-189-001_weekly189.pdf