Cyber Security firm Group-IB was unsuccessfully targeted by the advanced persistent threat (APT) group known as Tonto Team in June 2022.
The Singapore-headquartered firm said it identified and blocked phishing emails from the group that targeted its employees. It is the second attack aimed at Group-IB; the first occurred in March 2021.

Tonto Team, also tracked as Bronze Huntley, Earth Akhlut, Cactus Pete, Karma Panda, and UAC-0018, has been linked to attacks targeting organisations across Asia and Eastern Europe.

The group has been active since at least 2009 and is assessed to be connected to the Third Department (3PLA) of the People's Liberation Army, specifically the Shenyang Technical Reconnaissance Bureau (TRB).

Its attack chain relies on spear-phishing lures carrying malicious attachments built with the Royal Road Rich Text Format (RTF) weaponiser, which are used to drop backdoors such as Bisonal, Dexbia, and ShadowPad.

Trend Micro reported in 2020 that the operators had slightly varied their delivery mechanism: rather than spoofing senders, they sent the lures from legitimate email addresses, most likely obtained through earlier phishing. Mail from a genuine, known address raises the chance that a victim opens the attachment and lets the malware onto the system.

Tonto Team was also observed using Bisonal against Russian scientific and technical enterprises and government agencies, in a campaign that coincided with Russia's military invasion of Ukraine last year.

"This malware provides remote access to an infected computer and allows an attacker to execute various commands on it," researchers Tikhonova and Dmitry Kupin said in a report.

The attempted attack on Group-IB followed the same pattern: phishing emails carried malicious Microsoft Office documents weaponised with Royal Road to deploy Bisonal.
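Royal Road output is an RTF file that carries its exploit inside an embedded OLE object, so a first triage step for a suspicious attachment of this kind is to pull the `\objdata` blobs out of the RTF, decode the OLE1 object header, and see which class each object declares and whether its native payload is a compound file. The Python below does exactly that. It is an added example, not Group-IB's code or any tooling described in the article; the sample RTF, the OLE1 header builder used to construct it, and the class-name watchlist are all assumptions of this example. For real casework, `rtfobj` from the oletools project handles the hex obfuscation variants this deliberately small parser does not.

```python
"""Triage an RTF attachment for embedded OLE objects.

Added example: parses the OLE1 object header (MS-OLEDS) found in RTF
\\objdata blobs. The sample document and the watchlist are constructed
for this example and are not taken from the article.
"""
import binascii
import re
import struct

OLE_CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound-file header signature

# Assumption of this example: object classes an analyst wants surfaced
# immediately when they appear in an emailed RTF.
WATCHLIST = {"equation.3", "package"}

# Hex payload that follows the \objdata control word, up to the closing brace.
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")


def _lpas(s: bytes) -> bytes:
    """LengthPrefixedAnsiString: 4-byte LE length then NUL-terminated bytes, or length 0 if absent."""
    if not s:
        return struct.pack("<I", 0)
    s += b"\x00"
    return struct.pack("<I", len(s)) + s


def build_ole1_blob(class_name: bytes, native: bytes) -> bytes:
    """Build an OLE1 embedded-object record (FormatID 2) around native data (used to construct the sample)."""
    return (struct.pack("<II", 0x00000501, 2)          # OLEVersion, FormatID=embedded
            + _lpas(class_name) + _lpas(b"") + _lpas(b"")  # ClassName, TopicName, ItemName
            + struct.pack("<I", len(native)) + native)    # NativeDataSize, NativeData


def parse_ole1_blob(blob: bytes) -> dict:
    """Parse an OLE1 object header and return its class name and native payload."""
    version, fmt = struct.unpack_from("<II", blob, 0)
    off = 8
    fields = []
    for _ in range(3):  # ClassName, TopicName, ItemName
        (n,) = struct.unpack_from("<I", blob, off)
        off += 4
        fields.append(blob[off:off + n].rstrip(b"\x00").decode("latin-1"))
        off += n
    native = b""
    if fmt == 2:  # only embedded objects carry a NativeData block
        (size,) = struct.unpack_from("<I", blob, off)
        off += 4
        native = blob[off:off + size]
    return {"version": version, "format_id": fmt, "class_name": fields[0], "native": native}


def extract_objects(rtf: bytes) -> list:
    """Decode every objdata blob in an RTF and report what it carries."""
    results = []
    for m in OBJDATA_RE.finditer(rtf):
        hexdata = re.sub(rb"\s+", b"", m.group(1))
        if len(hexdata) % 2:
            hexdata = hexdata[:-1]  # tolerate a stray trailing nibble
        try:
            info = parse_ole1_blob(binascii.unhexlify(hexdata))
        except (binascii.Error, struct.error):
            # Undecodable object data is itself worth a look; report it rather than drop it.
            results.append({"class_name": None, "format_id": None, "native_size": 0,
                            "native_is_ole": False, "flagged": True, "error": "undecodable objdata"})
            continue
        native = info["native"]
        results.append({
            "class_name": info["class_name"],
            "format_id": info["format_id"],
            "native_size": len(native),
            "native_is_ole": native.startswith(OLE_CFB_MAGIC),
            "flagged": info["class_name"].lower() in WATCHLIST,
        })
    return results


# Constructed sample lure, not a real Tonto Team document: one embedded object whose
# native data starts with the compound-file magic, with the hex split across lines
# the way Word writes it.
_native = OLE_CFB_MAGIC + b"\x00" * 24
_hex = binascii.hexlify(build_ole1_blob(b"Equation.3", _native))
_hex = b"\n".join(_hex[i:i + 64] for i in range(0, len(_hex), 64))
SAMPLE_RTF = (b"{\\rtf1\\ansi\\deff0 Quarterly report.\\par\n"
              b"{\\object\\objemb{\\*\\objclass Equation.3}{\\*\\objdata \n" + _hex + b"}}\n"
              b"\\par}")


if __name__ == "__main__":
    for obj in extract_objects(SAMPLE_RTF):
        print(obj)
```

Run it as a script to see the report for the constructed sample, or call `extract_objects()` on the bytes of a quarantined attachment. An object that declares a class on the watchlist, or whose native data is a compound file inside an RTF that should only contain text, is reason to detonate the document in a sandbox rather than open it.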

The Computer Emergency Response Team of Ukraine (CERT-UA) has also documented the group's use of a previously unknown downloader, QuickMute, whose main job is to retrieve further malware from a remote server.

"Espionage and intellectual property theft are the primary goals of Chinese APTs," the researchers said. "Undoubtedly, Tonto Team will continue probing IT and cybersecurity companies by spear-phishing to transmit malicious documents using flaws with decoys specially prepared for this purpose."

Want your digital assets to be protected? 

CyberShelter provides innovative and modern cybersecurity products and niche services to protect individuals and organizations against all kinds of cyber threats.