Names | ToddyCat (Kaspersky) | |
Country | China | |
Motivation | Information theft and espionage | |
First seen | 2020 | |
Description | (Kaspersky) ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little information about this actor, but we know that its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’. | |
Observed | Sectors: Defense, Government, Telecommunications. Countries: Afghanistan, India, Indonesia, Iran, Kazakhstan, Kyrgyzstan, Malaysia, Pakistan, Russia, Slovakia, Taiwan, Thailand, UK, Uzbekistan, Vietnam. | |
Tools used | China Chopper, Cuthead, FRP, Impacket, Krong, LoFiSe, Ninja, Ngrok, PcExter, PsExec, Samurai, SoftEther VPN, TomBerBil, WAExp. | |
Operations performed | 2021 | Operation “Stayin’ Alive” Unveiling ‘Stayin’ Alive’: A Closer Look at an Ongoing Campaign in Asia Targeting Telecom and Governmental Entities <https://blog.checkpoint.com/security/unveiling-stayin-alive-a-closer-look-at-an-ongoing-campaign-in-asia-targeting-telecom-and-governmental-entities/> |
Information | <https://securelist.com/toddycat/106799/> <https://securelist.com/toddycat-keep-calm-and-check-logs/110696/> <https://securelist.com/toddycat-traffic-tunneling-data-extraction-tools/112443/> |
Last change to this card: 23 April 2024
Download this actor card in PDF or JSON format
Previous: Tiny Spider
Next: Tomiris
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |