Asian governments, telcos impacted by ToddyCat-linked attack campaign

Asian government entities and telecommunications providers, particularly those in Vietnam, Pakistan, Kazakhstan, and Uzbekistan, have been subjected to an ongoing malware attack campaign linked to Chinese cyberespionage operation ToddyCat since 2021, according to BleepingComputer. Numerous malware loaders and backdoors have been spread by attackers through spear-phishing emails, including the CurKeep backdoor that facilitates device persistence, the CurCore payload that enables remote command execution, and the StylerServ backdoor that allows port traffic monitoring, which uses infrastructure associated with ToddyCat, a Check Point report showed. "The wide set of tools described in this report are custom-made and likely easily disposable. As a result, they show no clear code overlaps with any known toolset, not even with each other," said Check Point. Meanwhile, a separate report from Kaspersky revealed that ToddyCat has been leveraging the Ninja Agent malware with file and process management capabilities in addition to Cobalt Strike, DropBox Uploader, LoFiSe stealer, and a UDP backdoor in its attacks during the past 12 months.