Researchers at Kaspersky have identified a new advanced persistent threat, dubbed ToddyCat, that is actively targeting Microsoft Exchange servers in Europe and Asia. The threat actor uses two tools that were previously unknown to the researchers who discovered it: the Samurai backdoor and the Ninja Trojan. Kaspersky stated that ToddyCat started its activities in December 2020 after compromising Exchange servers in Taiwan and Vietnam through an unknown exploit.
In its first period of activity, the group targeted a limited number of servers located in Asia and belonging to three organizations. It then escalated quickly, abusing the ProxyLogon vulnerability to compromise multiple organizations and expanding its scope to Europe as well.