Researchers are monitoring an advanced persistent threat (APT) codenamed ToddyCat that has been linked to attacks on government and military entities in Europe and Asia since at least December 2020. Using an unknown exploit to deploy the Chopper web shell, the group targets Microsoft Exchange servers to activate a multistage infection change ultimately leading to Samurai, a backdoor that allows the attackers to move laterally within the compromised network.