ToddyCat

  • First known sample: 2020
  • Discovery: 2022
  • Number of targets: 1-100
  • Current status: Considered active
  • Type: APT
  • Targeted platforms: Windows
  • TOP targeted countries: Afghanistan, India, Indonesia, Iran, Kyrgyzstan, Malaysia, Nepal, Pakistan, Russia, Taiwan, Thailand, The United Kingdom, Uzbekistan, Vietnam
  • The way of propagation: Exploits, Social engineering
  • Purpose/Functions: Cyberespionage
  • Targets: Government entities, Military
  • Implant: Samurai, ChinaChopper and Ninja post-exploitation toolkit

  • Description

    ToddyCat is a relatively new, sophisticated APT group whose activity was first detected by Kaspersky researchers in December 2020, when it carried out a number of attacks on the targets’ Microsoft Exchange servers. In February-March 2021, Kaspersky observed a quick escalation as ToddyCat started to abuse the ProxyLogon vulnerability on Microsoft Exchange servers to compromise multiple organizations across Europe and Asia. Starting from September 2021, the group shifted its attention to desktop machines related to government and diplomatic entities in Asia. The group constantly updates its arsenal and continued to perform attacks in 2022.