Singaporean cybersecurity firm Group-IB has thwarted two attempted malware attacks by the Chinese advanced persistent threat group Tonto Team, also tracked as UAC-0018, Karma Panda, Cactus Pete, Bronze Huntley, and Earth Akhlut, reports The Hacker News.
In the June attempt against Group-IB, Tonto Team sent phishing emails carrying malicious Microsoft Office documents built with the Royal Road weaponizer, with the goal of deploying the Bisonal malware. According to Group-IB, the technique mirrors the group's attacks on Russian government agencies and scientific organizations during the ongoing Russia-Ukraine war.
Alongside Bisonal, which gives the attackers command execution on the infected host, Tonto Team has also been using the QuickMute downloader to retrieve next-stage malware.
"The main goals of Chinese APTs are espionage and intellectual property theft. Undoubtedly, Tonto Team will keep probing IT and cybersecurity companies by leveraging spear-phishing to deliver malicious documents using vulnerabilities with decoys specially prepared for this purpose," said Group-IB researchers.
In other news, organizations in the government, real estate, telecommunications, retail, and other sectors across the U.S., Africa, and the Middle East have been hit by intrusions attributed to the newly identified threat cluster tracked as CL-STA-0002.
BBC News reports that customers of the major online travel agency Booking.com in the U.S., UK, and elsewhere have been defrauded following a social engineering attack in which the Vidar information-stealing malware was deployed.