New ToddyCat APT group targets Exchange servers in Asia, Europe

Home/Compromised, malicious cyber actors, Malware, Security Advisory, Security Update/New ToddyCat APT group targets Exchange servers in Asia, Europe

New ToddyCat APT group targets Exchange servers in Asia, Europe

A complicated persistent menace (APT) group dubbed ToddyCat has been focusing on Microsoft Trade servers all through Asia and Europe for greater than a year.

Whereas monitoring the group’s exercise, safety researchers with Kaspersky’s World Analysis & Evaluation Group (GReAT) have additionally discovered a beforehand unknown passive backdoor they named Samurai and new trojan malware dubbed Ninja Trojan.

Both malware strains allow the attacker to take control of infected systems. At the time,the hacking group exploited the ProxyLogon Exchange flaws which allows remote code execution on vulnerable servers to deploy china chopper web shells.

ToddyCat’s assaults have additionally been noticed up to now by Slovak cybersecurity agency ESET.1.

Follow us for more, Facebook, Twitter, LinkedIn and Instagram

Conclusion for ToddyCat APT

ToddyCat is a sophisticated APT group that uses multiple techniques to avoid detection and thereby keeps a low profile,” Kaspersky security researcher Giampaolo Dedola said.

The affected organizations, both governmental and military, show that this group is focused on very high-profile targets and is probably used to achieve critical goals, likely related to geopolitical interests.

ToddyCat’s indicators of compromise

5cfdb7340316abc5586448842c52aabc Dropper google.log
93c186c33e4bbe2abdcc6dfea86fbbff Dropper
5a912beec77d465fc2a27f0ce9b4052b Dll Loader Stage 2 iiswmi.dll
f595edf293af9b5b83c5ffc2e4c0f14b Dll Loader Stage 3 websvc.dll
5a531f237b8723396bcfd7c24885177f  Dll Loader Stage 2 fveapi.dll
1ad6dccb520893b3831a9cfe94786b82 Dll Loader Stage 2 fveapi.dll
f595edf293af9b5b83c5ffc2e4c0f14b Dll Loader Stage 3 sbs_clrhost.dll
8a00d23192c4441c3ee3e56acebf64b0 Samurai Backdoor
5e721804f556e20bf9ddeec41ccf915d Ninja Trojan

Other variants
33694faf25f95b4c7e81d52d82e27e7b 1.dll – Installer
832bb747262fed7bd45d88f28775bca6 Техинстр egov – ГЦП – Акрамов.exe – Loader

By | 2022-06-21T20:14:39+05:30 June 21st, 2022|Compromised, malicious cyber actors, Malware, Security Advisory, Security Update|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!