More about the ToddyCat group, its tactics, techniques, procedures and tools
Samurai, ChinaChopper and Ninja post-exploitation toolkit
ToddyCat is a relatively new, sophisticated APT group whose activity was first detected by Kaspersky researchers in December 2020, when it carried out a number of attacks against its targets’ Microsoft Exchange servers. In February-March 2021, Kaspersky observed a rapid escalation as ToddyCat began abusing the ProxyLogon vulnerability in Microsoft Exchange Server to compromise multiple organizations across Europe and Asia. Starting in September 2021, the group shifted its attention to desktop machines belonging to government and diplomatic entities in Asia. The group constantly updates its arsenal and continued to carry out attacks in 2022.