Jun 21, 2022
An advanced persistent threat (APT) actor codenamed ToddyCat has been linked to a string of attacks aimed at government and military entities in Europe and Asia since at least December 2020. The relatively new adversarial collective is said to have commenced its operations by targeting Microsoft Exchange servers in Taiwan and Vietnam using an unknown exploit to deploy the China Chopper web shell and activate a multi-stage infection chain. Other prominent countries singled out include Afghanistan, India, Indonesia, Iran, Kyrgyzstan, Malaysia, Pakistan, Russia, Slovakia, Thailand, the U.K., and Uzbekistan, the swift escalation in targeting marked by improvements to its toolset over the course of successive campaigns. "The first wave of attacks exclusively targeted Microsoft Exchange Servers, which were compromised with Samurai, a sophisticated passive backdoor that usually works on ports 80 and 443," Russian cybersecurity company Kaspersky said in a report published toda