← All Threat Actors
Threat Actor Profile

ToddyCat

G1022 Websiic
▲ High Threat
ToddyCat is responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. There is still little information about this actor, but its main distinctive signs are two formerly unknown tools that Kaspersky call ‘Samurai backdoor’ and ‘Ninja Trojan’.
Origin

Target Sectors

Military Government

Known TTPs

Disable or Modify System Firewall
Data from Local System
Domain Groups
Scheduled Task
Spearphishing via Service
Domain Account
Non-Application Layer Protocol
Domain Accounts
Native API
Process Discovery
Remote System Discovery
System Network Connections Discovery
SMB/Windows Admin Shares
Windows Command Shell
Exploit Public-Facing Application
Exfiltration to Cloud Storage
Security Software Discovery
PowerShell
Hidden Window
File and Directory Discovery
Remote Data Staging
Windows Management Instrumentation
Match Legitimate Resource Name or Location
Local Storage Discovery
Archive via Utility

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD