ToddyCat Targets Microsoft Systems

Hackers Launch New 2022 Trojans

Dark web hackers behind the ToddyCat cyber security threat have been busy launching attacks against the exchange servers of Microsoft. The extremely persistent threat actors (APT) group first surfaced in December 2020, when most of its attacks were tracked to the Microsoft Exchange servers located in European and Asian countries.

Kaspersky’s Global Research & Analysis Team (GReAT) has provided documents that revealed the devastation of the hackers’ insistent backdoor named Samurai. The discovery also includes another previously found Trojan malware called Ninja Trojan. For over a year, while tracking the group’s activity, the private cyber security team at Kaspersky reported that they’ve been tracking the attacks launched by these criminal hackers.

Research analysis provided by the security team revealed that the recorded malware strains offer a gateway for hackers to gain control of victims’ computer systems. Analytical studies by the research team also show that both Trojans can effortlessly migrate throughout an infected computer network.

The ToddyCat hackers have increased their cyber assaults since March 2021, as recorded by the ESET researchers located in Slovakia. According to the Slovak cyber security analysts, they’ve been tracking the malicious Trojan, after being detected in a hacking cluster documented as Websiic.

The report shows that the sophisticated and very persistent virus was able to execute its malicious payloads after accessing weaknesses found in the ProxyLogon Exchange. In addition, the two malicious Trojans implemented the China Chopper web shells after infiltrating vulnerable network system servers.

Hacks Against Microsoft Servers

The research team stated that although the virus was previously inactive, in February 2021 they noticed a high escalation of hacking activities carried out by these threat actors. And with the many zero-day bug vulnerabilities associated with Microsoft products, they noticed that the hackers launched coordinated cyber attacks on the tech giant’s Exchange Servers.

Also, hackers targeting unpatched Microsoft desktop computer networks and exchange servers have shown a preference for government and military establishments, which includes contractors of some high profile businesses. The latest hacking campaigns show that the hackers, between December 2020 and February 2021, hacked government agencies in Vietnam and Taiwan.

Also, from February to May 2021, the threat actors swiftly expanded their attacks on companies located in the UK, Russia, India, and Iran. ToddyCat has resurfaced with it’s latest attack targeting a different cluster of nations throughout February 2022, which includes Indonesia, Uzbekistan, and Kyrgyzstan.

The ToddyCat APT hackers have increased their cyber warfare, the Microsoft Exchange servers are currently under the third wave of attacks recently launched by the criminal hackers.