Tonto Team Exploits Anti-Malware File to Attack South Korean Institutions
April 28, 2023
Malware / Cyber Threat
Recent attacks by the China-aligned threat actor known as the Tonto Team have targeted South Korean education, construction, diplomatic, and political institutions. The AhnLab Security Emergency Response Center (ASEC) reported that the group is utilizing a file associated with anti-malware products to carry out their malicious activities. Active since at least 2009, Tonto Team has a history of attacks across various sectors in Asia and Eastern Europe. Earlier this year, they were linked to an unsuccessful phishing attempt on the cybersecurity firm Group-IB. According to ASEC, the attack begins with a Microsoft Compiled HTML Help (.CHM) file that runs a binary to side-load a malicious DLL (slc.dll) and deploy the ReVBShell backdoor, an open-source VBScript tool also used by another Chinese threat actor, Tick.
Malware / Cyber Threat
Emerging Cyber Attacks: Tonto Team Targets South Korean Institutions with Unusual Tactics April 28, 2023 In a notable escalation of cyber threats, South Korean institutions across several critical sectors—namely education, construction, diplomacy, and politics—are facing fresh attacks attributed to a China-aligned threat group known as the Tonto Team. A report…
Tonto Team Exploits Anti-Malware File to Attack South Korean Institutions
April 28, 2023
Malware / Cyber Threat
Recent attacks by the China-aligned threat actor known as the Tonto Team have targeted South Korean education, construction, diplomatic, and political institutions. The AhnLab Security Emergency Response Center (ASEC) reported that the group is utilizing a file associated with anti-malware products to carry out their malicious activities. Active since at least 2009, Tonto Team has a history of attacks across various sectors in Asia and Eastern Europe. Earlier this year, they were linked to an unsuccessful phishing attempt on the cybersecurity firm Group-IB. According to ASEC, the attack begins with a Microsoft Compiled HTML Help (.CHM) file that runs a binary to side-load a malicious DLL (slc.dll) and deploy the ReVBShell backdoor, an open-source VBScript tool also used by another Chinese threat actor, Tick.