Microsoft researchers recently investigated an attack where malicious OAuth applications were deployed on compromised cloud tenants and then used to control Exchange servers and spread spam. The investigation revealed that the threat actor launched credential stuffing attacks against high-risk accounts that didn’t have multi-factor authentication (MFA) enabled and leveraged the unsecured administrator accounts to gain […]
ToddyCat: Unveiling an Unknown APT Actor Attacking High-Profile Entities in Europe and Asia
Description: ToddyCat is a relatively new APT actor; its main distinctive signs are two formerly unknown tools called ‘Samurai backdoor’ and ‘Ninja Trojan’. The group started its activities in December 2020, compromising selected Exchange servers in Taiwan and Vietnam using an unknown exploit that led to the creation of a well-known China Chopper web shell, […]