Researchers discover new hacker group targeting India

Research has revealed a new hacker group that has targeted India at least twice to date, as already hacker group DragonForce Malaysia is keeping up its incursion of cyberattacks against India.

The group, dubbed ToddyCat, was discovered by Kaspersky researchers and has been classified as an Advanced Persistent Threat (APT) due to its relentless and organised malicious activities. The new hacker group limits itself exclusively to high-value targets in the government and defence sector.

So far, the research indicates that ToddyCat first became active in December 2020, when it targeted servers in Taiwan and Vietnam. It is suspected that ToddyCat was just testing its arsenal at this time, based on the low intensity of the attacks in these two countries.

Kaspersky’s report states, “The affected organizations, both governmental and military, show that this group is focused on very high-profile targets and is probably used to achieve critical goals, likely related to geopolitical interests. Based on our telemetry, the group shows a strong interest in targets in Southeast Asia, but their activities also impact targets in the rest of Asia and Europe.”

From February to March 2021, Kaspersky observed ToddyCat exploiting a now well-known vulnerability in the servers of a major email service provider. ToddyCat’s attacks were observed across Asia and Europe, including in India.

Giampaolo Dedola, a security expert at Kaspersky, observed, “ToddyCat is a sophisticated threat actor with elevated technical skills, which is able to fly under-the-radar and make its way into the top-level organizations. Despite the number of loaders and attacks discovered during the last year, we still don’t have complete visibility of their operations and tactics. Another noteworthy characteristic of ToddyCat is its focus on advanced malware capabilities – Ninja Trojan got its name for a reason – it is hard to detect and, therefore, hard to stop.”