Chinese Tonto Team Hackers' Second Attempt to Target Cybersecurity Firm Group-IB Fails


Feb 13, 2023 | Ravie Lakshmanan | Cyber Threat Intelligence

The advanced persistent threat (APT) actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022.

The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It’s also the second attack aimed at Group-IB, the first of which took place in March 2021.

Tonto Team, also called Bronze Huntley, Cactus Pete, Earth Akhlut, Karma Panda, and UAC-0018, is a suspected Chinese hacking group that has been linked to attacks targeting a wide range of organizations in Asia and Eastern Europe.

The actor has been active since at least 2009 and is believed to be tied to the Shenyang Technical Reconnaissance Bureau (Unit 65016) of the People's Liberation Army's Third Department (3PLA).

Attack chains involve spear-phishing lures containing malicious attachments created using the Royal Road Rich Text Format (RTF) exploitation toolkit to drop backdoors like Bisonal, Dexbia, and ShadowPad (aka PoisonPlug).
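The defensive counterpart to that attack chain is triage of inbound RTF attachments before a user opens them. The following script is an added example, not code from Group-IB, CERT-UA or the article: it pulls the embedded OLE objects out of an RTF document, decodes the hex `\objdata` runs (which may be split across lines, defeating plain string matching), reads the OLE1 object header, and flags Equation Editor and OLE Package objects, the object types RTF weaponizers such as Royal Road are known to abuse. The sample document is constructed inline and is not a real Royal Road sample; the class-name list, the `Equation Native` stream check and the verdict labels are this example's own assumptions.

```python
"""Triage of RTF attachments: extract embedded OLE objects and flag the object
types that RTF weaponizers such as Royal Road abuse (Equation Editor objects,
OLE Package objects).  Added example; the sample document below is constructed."""
import binascii
import re
from dataclasses import dataclass, field

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"            # OLE2 compound-file header
EQUATION_STREAM = "Equation Native".encode("utf-16-le")    # stream name inside Equation.3 objects
SUSPICIOUS_CLASSES = ("equation", "package")               # assumption: rarely legitimate in inbound mail

# One {\object ...} group: anything up to \objdata, then the hex run.  RTF allows
# whitespace and line breaks inside the run, which is why a plain substring search
# for a payload string fails on real documents.
OBJECT_RE = re.compile(r"\{\\object(?P<body>.*?)\\objdata\s*(?P<hex>[0-9a-fA-F\s]+)", re.S)
CLASS_RE = re.compile(r"\\objclass\s+([^}\\]+)")


@dataclass
class EmbeddedObject:
    objclass: str
    data: bytes
    reasons: list = field(default_factory=list)


def ole1_class_name(data: bytes) -> str:
    """Class name from the OLE1 ObjectHeader that precedes the native data in \\objdata:
    dword OLEVersion, dword FormatID (2 = embedded), dword name length, NUL-terminated name."""
    if len(data) < 12:
        return ""
    fmt = int.from_bytes(data[4:8], "little")
    n = int.from_bytes(data[8:12], "little")
    if fmt != 2 or n == 0 or n > 256 or len(data) < 12 + n:
        return ""
    return data[12:12 + n].rstrip(b"\0").decode("latin-1", "replace")


def triage(rtf_text: str) -> list:
    """Return one EmbeddedObject per {\\object} group; an empty reasons list means nothing flagged."""
    findings = []
    for m in OBJECT_RE.finditer(rtf_text):
        hexrun = re.sub(r"\s+", "", m.group("hex"))
        data = binascii.unhexlify(hexrun[: len(hexrun) & ~1])   # drop a dangling nibble
        cm = CLASS_RE.search(m.group("body"))
        declared = cm.group(1).strip() if cm else ""
        in_header = ole1_class_name(data)
        reasons = []
        for cls in {declared, in_header}:          # set: don't report the same name twice
            if any(s in cls.lower() for s in SUSPICIOUS_CLASSES):
                reasons.append(f"object class {cls!r}")
        if declared and in_header and declared != in_header:
            reasons.append(f"\\objclass {declared!r} disagrees with OLE1 header {in_header!r}")
        if EQUATION_STREAM in data:
            reasons.append("Equation Native stream present")
        if data and OLE_MAGIC not in data:
            reasons.append("payload is not an OLE compound file")
        findings.append(EmbeddedObject(declared or in_header, data, reasons))
    return findings


def _ole1_embed(class_name: str, native: bytes) -> bytes:
    """Build the OLE1 wrapper that real documents put around the native object data."""
    name = class_name.encode() + b"\0"
    return (b"\x01\x05\x00\x00" + (2).to_bytes(4, "little")
            + len(name).to_bytes(4, "little") + name
            + (0).to_bytes(4, "little") + (0).to_bytes(4, "little")   # empty topic/item names
            + len(native).to_bytes(4, "little") + native)


def _rtf_object(class_name: str, native: bytes) -> str:
    hexdata = binascii.hexlify(_ole1_embed(class_name, native)).decode()
    wrapped = "\n".join(hexdata[i:i + 64] for i in range(0, len(hexdata), 64))  # line-wrapped like real files
    return "{\\object\\objemb{\\*\\objclass %s}{\\*\\objdata %s}}" % (class_name, wrapped)


# Constructed sample (not a real Royal Road document): one Equation Editor object
# whose compound file carries an "Equation Native" stream, and one ordinary Word object.
SAMPLE_RTF = ("{\\rtf1\\ansi Quarterly results attached.\\par "
              + _rtf_object("Equation.3", OLE_MAGIC + b"\0" * 8 + EQUATION_STREAM + b"\0" * 16)
              + _rtf_object("Word.Document.8", OLE_MAGIC + b"\0" * 24)
              + "}")

if __name__ == "__main__":
    for obj in triage(SAMPLE_RTF):
        verdict = "SUSPICIOUS" if obj.reasons else "ok"
        print(f"{verdict:10} {obj.objclass:18} {len(obj.data):5d} bytes  {'; '.join(obj.reasons)}")
```

The disagreement check between `\objclass` and the OLE1 header is worth keeping: a document can declare a harmless class in the RTF control word while the object header names the class Word will actually load.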

“A slightly different method […] used by this threat actor in the wild is the use of legitimate corporate email addresses, most likely obtained by phishing, to send emails to other users,” Trend Micro disclosed in 2020. “The use of these legitimate emails increases the chances of the victims clicking on the attachment, infecting their machines with malware.”


The adversarial collective, in March 2021, also emerged as one of the threat actors to exploit the ProxyLogon flaws in Microsoft Exchange Server to strike cybersecurity and procurement companies based in Eastern Europe.

Coinciding with Russia’s military invasion of Ukraine last year, the Tonto Team was observed targeting Russian scientific and technical enterprises and government agencies with the Bisonal malware.

The attempted attack on Group-IB is no different in that the threat actor leveraged phishing emails to distribute malicious Microsoft Office documents created with the Royal Road weaponizer to deploy Bisonal.

“This malware provides remote access to an infected computer and allows an attacker to execute various commands on it,” researchers Anastasia Tikhonova and Dmitry Kupin said in a report shared with The Hacker News.

Also employed is a previously undocumented downloader referred to as QuickMute by the Computer Emergency Response Team of Ukraine (CERT-UA), which is primarily responsible for retrieving next-stage malware from a remote server.

“The main goals of Chinese APTs are espionage and intellectual property theft,” the researchers said. “Undoubtedly, Tonto Team will keep probing IT and cybersecurity companies by leveraging spear-phishing to deliver malicious documents using vulnerabilities with decoys specially prepared for this purpose.”
