New ToddyCat APT Actor Surfaces
Industries: Government, Military | Level: Tactical | Source: Kaspersky
Kaspersky shares its research on a new APT actor named ToddyCat, which has been active since December 2020 targeting organizations in Europe and Asia. The threat group has a penchant for high-profile organizations, including government and military entities. The threat actor heavily targets vulnerable Microsoft Exchange servers: "it's worth noting that all the targeted machines infected between December and February were Microsoft Windows Exchange servers; the attackers compromised the servers with an unknown exploit, with the rest of the attack chain the same as that used in March." The group frequently deployed China Chopper web shells onto victim hosts and is known to possess two backdoors named Samurai and Ninja Trojan. The attribution of ToddyCat currently remains to be determined. Based on the threat actor's victim profiles, their targets align with entities typically targeted by Chinese-speaking groups.
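A detection sketch for the web-shell stage of the chain described above, added here as an example (it is not Kaspersky's or Anvilogic's code): China Chopper runs operator commands through the IIS worker process, so a shell interpreter whose parent is w3wp.exe is a strong signal, and the Exchange application pool name in the parent's command line narrows the hit to Exchange servers. The event records below are constructed in a simplified Sysmon Event ID 1 shape (Image, ParentImage, ParentCommandLine); field names and sample values are assumptions.

```python
from pathlib import PureWindowsPath

# Constructed sample process-creation events (simplified Sysmon Event ID 1 fields).
SAMPLE_EVENTS = [
    {   # w3wp.exe running an Exchange app pool spawning cmd.exe: classic web shell behaviour
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": 'cmd.exe /c "whoami"',
        "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
        "ParentCommandLine": r'c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOWAAppPool" -v "v4.0"',
    },
    {   # an interactive user opening a prompt: benign
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "ParentCommandLine": r"C:\Windows\Explorer.EXE",
    },
    {   # IIS worker process in a non-Exchange pool spawning PowerShell: still suspicious
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe -nop -w hidden -enc QQBCAEMA",
        "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
        "ParentCommandLine": r'c:\windows\system32\inetsrv\w3wp.exe -ap "DefaultAppPool" -v "v4.0"',
    },
]

WEB_SERVER_PROCESSES = {"w3wp.exe"}
SHELL_PROCESSES = {"cmd.exe", "powershell.exe", "pwsh.exe"}


def _basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def is_web_shell_child(event: dict) -> bool:
    """True when a shell interpreter was spawned directly by an IIS worker process."""
    return (_basename(event.get("ParentImage", "")) in WEB_SERVER_PROCESSES
            and _basename(event.get("Image", "")) in SHELL_PROCESSES)


def is_exchange_app_pool(event: dict) -> bool:
    """IIS passes the pool name as -ap "..."; Exchange pools are prefixed MSExchange."""
    return "msexchange" in event.get("ParentCommandLine", "").lower()


def find_suspicious(events: list) -> list:
    """Return one finding per web-shell-like process creation, flagging Exchange hosts."""
    return [
        {"child": event["CommandLine"], "exchange_pool": is_exchange_app_pool(event)}
        for event in events
        if is_web_shell_child(event)
    ]
```

Point the same logic at real Sysmon or EDR process-creation telemetry and tune WEB_SERVER_PROCESSES for other web servers in the estate.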
- ToddyCat APT - Initial Infection Chain
Anvilogic Use Cases: