Tonto Team is a Chinese-speaking APT group that has been active since at least 2013. They primarily target military, diplomatic, and infrastructure organizations in Asia and Eastern Europe. The group has been observed using various malware, including the Bisonal RAT and ShadowPad. They employ spear-phishing emails with malicious attachments as their preferred method of distribution.
Also known as
CactusPete, KARMA PANDA, BRONZE HUNTLEY, COPPER, Red Beifang, G0131, PLA Unit 65017, Earth Akhlut, TAG-74.
References
- arstechnica.com
- docs.huihoo.com
- securelist.com
- wsj.com
- pwc.co.uk
- fireeye.com
- welivesecurity.com
- trendmicro.com
- sentinelone.com
- go.recordedfuture.com
- recordedfuture.com
Actor metadata imported from Malpedia (Fraunhofer FKIE).