
ToddyCat

aka: Websiic

ToddyCat is responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. There is still little information about this actor, but its main distinguishing features are two previously unknown tools that Kaspersky calls ‘Samurai backdoor’ and ‘Ninja Trojan’.


Associated Families

There are currently no families associated with this actor.


References
2022-07-01 | RiskIQ | RiskIQ
ToddyCat: A Guided Journey through the Attacker's Infrastructure
https://community.riskiq.com/article/d8b749f2 (English, accessed 2022-07-15)
ShadowPad ToddyCat
2022-06-21 | BleepingComputer | Sergiu Gatlan
Microsoft Exchange servers hacked by new ToddyCat APT gang
https://www.bleepingcomputer.com/news/security/new-toddycat-apt-group-targets-exchange-servers-in-asia-europe/ (English, accessed 2022-06-27)
ToddyCat
2022-06-21 | Kaspersky | Giampaolo Dedola
APT ToddyCat: Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia
https://securelist.com/toddycat/106799/ (English, accessed 2022-06-22)
ToddyCat
2021-10-22 | TEAMT5 | TeamT5
Assassinations of "MiniNinja" in Various APAC Countries
https://teamt5.org/en/posts/assassinations-of-minininja-in-various-apac-countries/ (English, accessed 2021-10-26)
ToddyCat
2021-03-10 | ESET Research | Thomas Dupuy, Matthieu Faou, Mathieu Tartare
Exchange servers under siege from at least 10 APT groups
https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/ (English, accessed 2021-03-11)
Microcin MimiKatz PlugX Winnti APT27 APT41 Calypso Tick ToddyCat Tonto Team Vicious Panda
2021-03-03 | GTSC | GTSC
'Mild' update on Microsoft Exchange 0day security vulnerability being used to attack organizations in Vietnam
https://gteltsc.vn/blog/cap-nhat-nhe-ve-lo-hong-bao-mat-0day-microsoft-exchange-dang-duoc-su-dung-de-tan-cong-cac-to-chuc-tai-viet-nam-9685.html (Vietnamese, accessed 2022-09-08)
ToddyCat

Credits: MISP Project