 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
APT group: ToddyCat| Names | ToddyCat (Kaspersky) | |
| Country |  China | |
| Motivation | Information theft and espionage | |
| First seen | 2020 | |
| Description | (Kaspersky) ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little information about this actor, but we know that its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’. | |
| Observed | Sectors: Defense, Government, Telecommunications. Countries: Afghanistan, India, Indonesia, Iran, Kazakhstan, Kyrgyzstan, Malaysia, Pakistan, Russia, Slovakia, Taiwan, Thailand, UK, Uzbekistan, Vietnam. | |
| Tools used | China Chopper, Cuthead, FRP, Impacket, Krong, LoFiSe, Ninja, Ngrok, PcExter, PsExec, Samurai, SoftEther VPN, TomBerBil, WAExp. | |
| Operations performed | 2021 | Operation “Stayin’ Alive” Unveiling ‘Stayin’ Alive’: A Closer Look at an Ongoing Campaign in Asia Targeting Telecom and Governmental Entities <https://blog.checkpoint.com/security/unveiling-stayin-alive-a-closer-look-at-an-ongoing-campaign-in-asia-targeting-telecom-and-governmental-entities/> |
| Information | <https://securelist.com/toddycat/106799/> <https://securelist.com/toddycat-keep-calm-and-check-logs/110696/> <https://securelist.com/toddycat-traffic-tunneling-data-extraction-tools/112443/> | |
Last change to this card: 23 April 2024
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |