10 matches found
Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign
A "multi-year" Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations. Recorded Future's Insikt Group, which is tracking the activity under the moniker TAG-74, said the adversary has been linked to "Chinese...
Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions
South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team. "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execu...
Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions
South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team. "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execu...
Chinese Tonto Team Hackers' Second Attempt to Target Cybersecurity Firm Group-IB Fails
The advanced persistent threat APT actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It's als...
Chinese Tonto Team Hackers' Second Attempt to Target Cybersecurity Firm Group-IB Fails
The advanced persistent threat APT actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It's als...
China’s Tonto Team increases espionage activities against Russia
According to analyses of several cybersecurity firms and CERT Computer Emergency Response Team Ukraine CERT-UA, the state-sponsored threat actor group Tonto Team, which has been linked to China-backed cyber operations, is ramping up its spying campaign against Russian government agencies. The...
CactusPete APT Hones Toolset, Resurfaces with New Espionage Targets
The China-based APT known as CactusPete has returned with a new campaign aimed at military and financial targets in Eastern Europe, which is a new geography for the group’s victimology, according to researchers. The group also used a fresh variant of the Bisonal backdoor, which allows the attacke...
CactusPete APT group’s updated Bisonal backdoor
CactusPete also known as Karma Panda or Tonto Team is an APT group that has been publicly known since at least 2013. Some of the groups activities have been previously described in public by multiple sources. We have been investigating and privately reporting on this groups activity for years as...
Bisonal: 10 years of play
By Warren Mercer, Paul Rascagneres and Vitor Ventura. Update 06/03/20: added samples from 2020. Executive summary Security researchers detected and exposed the Bisonal malware over the past 10 years. But the Tonto team, the threat actor behind it, didn't stop.The victimology didn't change over...
Threat Source newsletter (March 5, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Sure, all anyone wants to talk about is coronavirus. But what about cyber security? We’ve still got cool stuff, like this huge write-up ...