
G0131 Tonto Team

Description

[Tonto Team](https://attack.mitre.org/groups/G0131) is a suspected Chinese state-sponsored cyber espionage threat group that has primarily targeted South Korea, Japan, Taiwan, and the United States since at least 2009; by 2020 they expanded operations to include other Asian as well as Eastern European countries. [Tonto Team](https://attack.mitre.org/groups/G0131) has targeted government, military, energy, mining, financial, education, healthcare, and technology organizations, including through the Heartbeat Campaign (2009-2012) and Operation Bitter Biscuit (2017).(Citation: Kaspersky CactusPete Aug 2020)(Citation: ESET Exchange Mar 2021)(Citation: FireEye Chinese Espionage October 2019)(Citation: ARS Technica China Hack SK April 2017)(Citation: Trend Micro HeartBeat Campaign January 2013)(Citation: Talos Bisonal 10 Years March 2020)

References

  1. https://attack.mitre.org/groups/G0131
  2. https://securelist.com/cactuspete-apt-groups-updated-bisonal-backdoor/97962/
  3. https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/
  4. https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf
  5. https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/
  6. https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the-heartbeat-apt-campaign.pdf?
  7. https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html
  8. https://vb2020.vblocalhost.com/uploads/VB2020-06.pdf
  9. https://www.secureworks.com/research/threat-profiles/bronze-huntley

Software attributed to this · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Software | Bisonal s0268 | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - Mustang Panda (Group)
  - Dust Storm (Group)
  - PittyTiger (Group)
  - Higaisa (Group)
  - Tick (Actor)
  - IndigoZebra (Group)

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.