
ToddyCat

aka: Websiic

ToddyCat is responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. There is still little information about this actor, but its main distinguishing features are two previously unknown tools that Kaspersky calls ‘Samurai backdoor’ and ‘Ninja Trojan’.


Associated Families

There are currently no families associated with this actor.


References
2022-06-21, BleepingComputer, Sergiu Gatlan
Microsoft Exchange servers hacked by new ToddyCat APT gang
https://www.bleepingcomputer.com/news/security/new-toddycat-apt-group-targets-exchange-servers-in-asia-europe/ (accessed 2022-06-27)
ToddyCat

2022-06-21, Kaspersky, Giampaolo Dedola
APT ToddyCat: Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia
https://securelist.com/toddycat/106799/ (accessed 2022-06-22)
ToddyCat

2021-03-10, ESET Research, Thomas Dupuy, Matthieu Faou, Mathieu Tartare
Exchange servers under siege from at least 10 APT groups
https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/ (accessed 2021-03-11)
Microcin, MimiKatz, PlugX, Winnti, ToddyCat

Credits: MISP Project