Toddycat

Threat Actor updated 22 days ago (2024-11-29T14:37:50.081Z)
ToddyCat is a threat actor that predominantly targets government organizations in the Asia-Pacific region to exfiltrate sensitive data. In April, ToddyCat was discovered using SoftEther VPN to steal data on an "industrial scale" from governmental and defense targets in that region, and the same tactics have since been observed extending to Europe. The group's toolset includes a range of data-collection and extraction utilities, as detailed in previous reports; ToddyCat Ninja, a tool specifically linked to the group, was detected on one system approximately 10 minutes after initial infection.

ToddyCat's methods are multifaceted. One is tunneling to legitimate cloud providers: an application running on the compromised host, with access to the local infrastructure, connects to the cloud through a legitimate agent and is then used to redirect traffic or execute specific commands. Although the Tactics, Techniques, and Procedures (TTPs) used by ToddyCat overlap with those of other Advanced Persistent Threat (APT) actors, solid attribution to the group remains elusive.

Beyond its Asia-Pacific operations, ToddyCat has been linked with other threat groups targeting different regions and demographics. For instance, the China-linked Evasive Panda group has targeted Tibetan nationals in India and the United States, while ToddyCat has targeted groups in Vietnam and Taiwan. Despite the lack of standardized naming conventions in the cybersecurity industry, ToddyCat continues to be closely monitored because of its extensive and varied activities.
Description last updated: 2024-11-08T05:02:09.463Z
Aliases: none currently tracked
Miscellaneous Associations (other elements of context that could aid in identifying relevance):
- APT
- Malware
- Espionage
- Exploit
Source Document References
Information about the Toddycat Threat Actor was read from the document corpus below (display limited to 20 results).

| Source | Created |
|---|---|
| DARKReading | a month ago |
| Securelist | 4 months ago |
| Securelist | 4 months ago |
| Securelist | 4 months ago |
| Securelist | 5 months ago |
| DARKReading | 7 months ago |
| Securelist | 7 months ago |
| Securelist | 7 months ago |
| DARKReading | 8 months ago |
| Securelist | 8 months ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| Securelist | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| InfoSecurity-magazine | a year ago |
| CERT-EU | a year ago |
| InfoSecurity-magazine | a year ago |