


Perceptive Security
SOC/SIEM Consultancy

ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens
Published:
25 November 2025 at 11:36:00
Alert date:
5 December 2025 at 08:03:22
Source:
thehackernews.com

The threat actor ToddyCat has been observed using new methods to steal corporate email data, including a custom tool called TCSectorCopy. The attack lets them obtain OAuth 2.0 tokens through the user's browser; these tokens can then be used outside the compromised infrastructure perimeter to access Microsoft 365 services and Outlook emails. This represents an evolution in ToddyCat's tactics to maintain persistence and access to corporate communications.
Affected products:
Microsoft Outlook
Microsoft 365
This article was created with the assistance of AI technology by Perceptive.