Origin: CN (China) · Attribution confidence: 50 · MITRE ATT&CK ID: G0131

Tonto Team

Also known as: CactusPete · KARMA PANDA · BRONZE HUNTLEY · COPPER · Red Beifang · G0131 · PLA Unit 65017 · Earth Akhlut · TAG-74 · Tonto Team

Origin: CN
Known aliases: 10
Target sectors: 3
Attribution: State-sponsored

Profile

Tonto Team is a Chinese-speaking APT group that has been active since at least 2013. They primarily target military, diplomatic, and infrastructure organizations in Asia and Eastern Europe. The group has been observed using various malware, including the Bisonal RAT and ShadowPad. They employ spear-phishing emails with malicious attachments as their preferred method of distribution.

Aliases · 10

  • CactusPete
  • KARMA PANDA
  • BRONZE HUNTLEY
  • COPPER
  • Red Beifang
  • PLA Unit 65017
  • Earth Akhlut
  • TAG-74
  • Tonto Team
  • G0131

Target sectors · 3

  • Military
  • Government
  • Private sector

Known victims · 5

  • Eastern Europe
  • Japan
  • South Korea
  • Taiwan
  • United States

MITRE ATT&CK Group crosswalk: G0131


Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.