ToddyCat tool steals Outlook emails and Microsoft 365 tokens
1 min • by redmug • 7 months ago
The ToddyCat threat actor has been identified using updated techniques, such as a home-made tool named TCSectorCopy, to obtain corporate email information from target companies.
According to Kaspersky, the attack aims to obtain OAuth 2.0 authorization tokens generated through the user's browser; these tokens can be used outside the perimeter of the compromised infrastructure to access corporate mail.
ToddyCat, estimated to have been operating since 2020, has previously attacked numerous companies in Europe and Asia with a variety of tools (such as Samurai and TomBerBil) to maintain access and steal cookies and credentials from web browsers such as Google Chrome and Microsoft Edge.
Original text
The ToddyCat threat actor has been identified using newer techniques to gain access to the corporate email of target companies, such as a home-made tool called TCSectorCopy.

This attack, according to Kaspersky, is carried out to obtain OAuth 2.0 authorization tokens that were generated in the user's browser and can be used outside the perimeter of the compromised infrastructure to access corporate mail.

ToddyCat, which is estimated to have been operational since 2020, has a record of attacking numerous companies in Europe and Asia with a multitude of tools, such as Samurai and TomBerBil, to maintain access and steal cookies and credentials from web browsers such as Google Chrome and Microsoft Edge.