Toddycat

Threat Actor updated a month ago (2024-09-03T11:18:03.684Z)
ToddyCat is a notable threat actor that primarily targets government organizations in the Asia-Pacific region. The group uses various methods to infiltrate systems and collect sensitive data. ToddyCat has been linked to the Advanced Persistent Threat (APT) group known as ToddyCat APT, which has been reported to use sophisticated techniques such as tunneling to legitimate cloud providers to access remote infrastructure. This typically involves an application that runs on the user's host, has access to the local infrastructure, and connects to the cloud through a legitimate agent in order to redirect traffic or execute specific commands.

ToddyCat's infiltration process involves deploying malware known as ToddyCat Ninja approximately 10 minutes after system infection. This malware, along with other tools, is used to collect and exfiltrate files of interest to the actor. Previous reports found that ToddyCat exploits vulnerabilities in infrastructure, which poses a significant threat to the security of targeted organizations.

ToddyCat has also been associated with other threat groups, including the China-linked Evasive Panda group, which has targeted Tibetan nationals in India and the United States. ToddyCat itself has been reported to target groups in Vietnam and Taiwan, stealing data on an industrial scale. Continuous reporting and monitoring of ToddyCat's activities are crucial to understanding the group's strategies and mitigating the threat it poses.
Description last updated: 2024-09-03T11:17:07.201Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Malware
Espionage
Exploit
Source Document References
Information about the Toddycat Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created
Securelist | a month ago
Securelist | a month ago
Securelist | 2 months ago
Securelist | 2 months ago
DARKReading | 4 months ago
Securelist | 5 months ago
Securelist | 5 months ago
DARKReading | 6 months ago
Securelist | 6 months ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
Securelist | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
InfoSecurity-magazine | a year ago
CERT-EU | a year ago
InfoSecurity-magazine | a year ago
Securityaffairs | a year ago