Attacks on Microsoft Exchange servers at prominent governmental and military installations in Asia and Europe are thought to have been carried out by an advanced persistent threat (APT) organization known as ToddyCat.
With Samurai, a powerful passive backdoor that typically operates on ports 80 and 443, Microsoft Exchange Servers were the only targets of the first round of attacks. According to researchers, ToddyCat is a relatively recent APT and “limited information about this actor” is available.
Samurai and Ninja malware, which experts claim are employed by the adversaries to take total control of the victim’s hardware and network, are two passive backdoors that the APT uses within the Exchange Server environment.
Read More: https://threatpost.com/elusive-toddycat-apt-targets-microsoft-exchange-servers/180031/