Chinese Tonto Team Hackers' Second Attempt to Target Cybersecurity Firm Group-IB Fails

The advanced persistent threat actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022.
The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees.
Tonto Team, also called Bronze Huntley, Cactus Pete, Earth Akhlut, Karma Panda, and UAC-0018, is a suspected Chinese hacking group that has been linked to attacks targeting a wide range of organizations in Asia and Eastern Europe.
In March 2021, the adversarial collective also emerged as one of the threat actors exploiting the ProxyLogon flaws in Microsoft Exchange Server to strike cybersecurity and procuring companies based in Eastern Europe.
Coinciding with Russia's military invasion of Ukraine last year, the Tonto Team was observed targeting Russian scientific and technical enterprises and government agencies with the Bisonal malware.
"Undoubtedly, Tonto Team will keep probing IT and cybersecurity companies by leveraging spear-phishing to deliver malicious documents using vulnerabilities with decoys specially prepared for this purpose."
News URL
https://thehackernews.com/2023/02/chinese-tonto-team-hackers-second.html