Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia

ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little information about this actor, but we know that its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

Si depuis l’offensive Russe en Ukraine, le « cyber Pearl Harbor » tant redouté n'a pas fait la Une de l’actualité, les assauts contre les infrastructures numériques de l’Ukraine et incidemment dans le reste de l’Europe ont bien été constatés.

An update on cyber activity in eastern Europe.

A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.