URL: https://www.aiupnow.com/2022/06/new-toddycat-hacker-group-on-experts.html
Submission: On June 22 via api from GB — Scanned from GB
New ToddyCat Hacker Group on Experts' Radar After Targeting MS Exchange Servers
#Cybersecurity - The Entrepreneurial Way with A.I.

TUESDAY, JUNE 21, 2022

Posted by BruceDayne at 9:28 AM. Labels: Cybersecurity, Khareem Sudlow, noreply@blogger.com (Ravie Lakshmanan)
An advanced persistent threat (APT) actor codenamed ToddyCat has been linked to
a string of attacks aimed at high-profile entities in Europe and Asia since at
least December 2020.

The relatively new adversarial collective is said to have commenced its
operations by targeting Microsoft Exchange servers in Taiwan and Vietnam,
using an unknown exploit to deploy the China Chopper web shell and kick off a
multi-stage infection chain.

Other prominent countries targeted include Afghanistan, India, Indonesia, Iran,
Kyrgyzstan, Malaysia, Pakistan, Russia, Slovakia, Thailand, the U.K., and
Uzbekistan, with the threat actor evolving its toolset over the course of its
different campaigns.

"The first wave of attacks exclusively targeted Microsoft Exchange Servers,
which were compromised with Samurai, a sophisticated passive backdoor that
usually works on ports 80 and 443," Russian cybersecurity company Kaspersky said
in a report published today.

"The malware allows arbitrary C# code execution and is used with multiple
modules that allow the attacker to administrate the remote system and move
laterally inside the targeted network."

ToddyCat, also tracked under the moniker Websiic by Slovak cybersecurity firm
ESET, first came to light in March 2021 for its exploitation of ProxyLogon
Exchange flaws to target email servers belonging to private companies in Asia
and a governmental body in Europe.

Once the China Chopper web shell is in place, the attack sequence runs a
dropper that makes Windows Registry modifications to launch a second-stage
loader, which in turn triggers a third-stage .NET loader responsible for
running Samurai.
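The article does not name the web shell's path or the operators' tooling, but the first hop of the chain just described, a China Chopper web shell on an Exchange front end, is something an Exchange administrator can hunt for in the IIS logs. The following is an added example, not code from the article or from Kaspersky's report: a small Python triage of IIS W3C logs that flags POST requests to unexpected .aspx pages in the directories where post-exploitation web shells were commonly dropped after the 2021 Exchange exploitation wave, and repeated script-driven POSTs with no Referer. The log lines are constructed, the drop directories and the KNOWN_PAGES allow-list are illustrative assumptions that would need tuning to the Exchange build in use, and none of the paths are ToddyCat indicators.

```python
"""
Hunt for China Chopper-style web shell traffic in IIS W3C logs.

Added example, not code from the article or from Kaspersky's ToddyCat report.
Everything here is illustrative: the log lines are constructed, SHELL_DROP_DIRS
are generic post-exploitation drop locations from public reporting (not ToddyCat
indicators), and KNOWN_PAGES is a hypothetical allow-list.
"""
from collections import defaultdict

# Front-end directories that web shells were commonly written to after
# Exchange exploitation in 2021 (public reporting; illustrative, not exhaustive).
SHELL_DROP_DIRS = ("/aspnet_client/", "/owa/auth/", "/ecp/auth/")

# Legitimate pages that also live under those directories (hypothetical list;
# tune to the Exchange build actually deployed).
KNOWN_PAGES = {
    "/owa/auth/logon.aspx",
    "/owa/auth/errorfe.aspx",
    "/ecp/auth/timeoutlogout.aspx",
}

# Constructed sample: two normal OWA/ECP users, one EWS client, and two
# sources POSTing to .aspx files that should never receive a POST.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query s-port c-ip cs(User-Agent) cs(Referer) sc-status
2020-12-14 03:10:11 POST /owa/auth/logon.aspx - 443 203.0.113.20 Mozilla/5.0+(Windows+NT+10.0) https://mail.example.test/owa/auth/logon.aspx 302
2020-12-14 03:10:12 GET /owa/ - 443 203.0.113.20 Mozilla/5.0+(Windows+NT+10.0) https://mail.example.test/owa/auth/logon.aspx 200
2020-12-14 03:12:01 POST /aspnet_client/system_web/help.aspx - 443 198.51.100.7 Mozilla/4.0+(compatible;+MSIE+6.0) - 200
2020-12-14 03:12:05 POST /aspnet_client/system_web/help.aspx - 443 198.51.100.7 Mozilla/4.0+(compatible;+MSIE+6.0) - 200
2020-12-14 03:13:40 POST /aspnet_client/system_web/help.aspx - 443 198.51.100.7 Mozilla/4.0+(compatible;+MSIE+6.0) - 200
2020-12-14 03:20:00 POST /ecp/auth/TimeoutLogout.aspx - 443 203.0.113.21 Mozilla/5.0+(Windows+NT+10.0) https://mail.example.test/ecp/ 200
2020-12-14 04:01:00 POST /ews/exchange.asmx - 443 203.0.113.22 Microsoft+Office/16.0 - 200
2020-12-14 04:05:00 POST /owa/auth/Current/themes/resources/logon.aspx - 443 198.51.100.9 python-requests/2.25.1 - 200
"""


def parse_iis(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split(" ")
        if len(parts) != len(fields):
            continue  # malformed, or written under a different #Fields layout
        yield dict(zip(fields, parts))


def shell_hits(text, min_posts=3):
    """Return suspicious (client, uri) pairs with the reasons they were flagged.

    A pair is reported when it POSTs to an unexpected .aspx inside a drop
    directory, or when it POSTs repeatedly (>= min_posts) with no Referer,
    which is how a script-driven web shell client looks in the log.
    """
    posts = defaultdict(list)
    for rec in parse_iis(text):
        stem = rec["cs-uri-stem"].lower()
        if rec["cs-method"] == "POST" and stem.endswith(".aspx"):
            posts[(rec["c-ip"], stem)].append(rec)

    findings = []
    for (client, stem), recs in sorted(posts.items()):
        reasons = []
        if stem.startswith(SHELL_DROP_DIRS) and stem not in KNOWN_PAGES:
            reasons.append("POST to unexpected .aspx in a web shell drop directory")
        no_referer = all(r["cs(Referer)"] == "-" for r in recs)
        if no_referer and len(recs) >= min_posts:
            reasons.append(f"{len(recs)} POSTs with no Referer")
        if reasons:
            findings.append({"client": client, "uri": stem,
                             "count": len(recs), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in shell_hits(SAMPLE_LOG):
        print(f"{f['client']:>15} {f['uri']} ({f['count']}x): " + "; ".join(f["reasons"]))
```

Request bodies are not written to IIS logs, so the China Chopper command payload itself is invisible here; a hit is a lead to confirm by pulling the .aspx file from the front-end directory and checking its contents, hash and creation time, not a verdict on its own.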

The backdoor, besides using techniques like obfuscation and control flow
flattening to make it resistant to reverse engineering, is modular: its
components make it possible to execute arbitrary commands and exfiltrate
files of interest from the compromised host.

Also observed in specific incidents is a sophisticated tool named Ninja that's
spawned by the Samurai implant and likely functions as a collaborative tool
allowing multiple operators to work on the same machine simultaneously.

Its feature similarities to other post-exploitation toolkits like Cobalt Strike
notwithstanding, the malware enables the attacker to "control remote systems,
avoid detection, and penetrate deep inside a targeted network."

Despite the fact that ToddyCat victims are related to countries and sectors
traditionally targeted by Chinese-speaking groups, there is no evidence tying
the modus operandi to a known threat actor.

"ToddyCat is a sophisticated APT group that uses multiple techniques to avoid
detection and thereby keeps a low profile," Kaspersky security researcher
Giampaolo Dedola said.

"The affected organizations, both governmental and military, show that this
group is focused on very high-profile targets and is probably used to achieve
critical goals, likely related to geopolitical interests."

via https://www.AiUpNow.com

June 21, 2022 at 09:24AM by noreply@blogger.com (Ravie Lakshmanan), Khareem Sudlow
Tags: Cybersecurity, Khareem Sudlow, noreply@blogger.com (Ravie Lakshmanan)