Group-IB blocks attempted attack by Chinese APT

Singaporean cybersecurity firm Group-IB has averted two attempted malware attacks by the Chinese advanced persistent threat group Tonto Team, also known as UAC-0018, Karma Panda, Cactus Pete, Bronze Huntley, and Earth Akhlut, reports The Hacker News. In its June attempt against Group-IB, Tonto Team sent phishing emails carrying Microsoft Office documents weaponized with the Royal Road tool in an effort to deploy the Bisonal malware; according to Group-IB, the technique mirrors the group's attacks against Russian government agencies and scientific organizations amid the ongoing Russia-Ukraine war. Aside from Bisonal, which enables command execution, Tonto Team has also been using the QuickMute downloader to retrieve next-stage malware. "The main goals of Chinese APTs are espionage and intellectual property theft. Undoubtedly, Tonto Team will keep probing IT and cybersecurity companies by leveraging spear-phishing to deliver malicious documents using vulnerabilities with decoys specially prepared for this purpose," said Group-IB researchers.