Tonto Team
Aliases: Earth Akhlut, BRONZE HUNTLEY, CactusPete, Karma Panda
Tonto Team is a suspected Chinese state-sponsored cyber espionage threat group that has primarily targeted South Korea, Japan, Taiwan, and the United States since at least 2009; by 2020 they expanded operations to include other Asian as well as Eastern European countries. Tonto Team has targeted government, military, energy, mining, financial, education, healthcare, and technology organizations, including through the Heartbeat Campaign (2009-2012) and Operation Bitter Biscuit (2017).
ATT&CK techniques
T1135 - Network Share Discovery
T1574.001 - DLL Search Order Hijacking
T1090.002 - External Proxy
T1059.006 - Python
T1069.001 - Local Groups
T1056.001 - Keylogging
T1003 - OS Credential Dumping
T1505.003 - Web Shell
T1203 - Exploitation for Client Execution
T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1210 - Exploitation of Remote Services
T1059.001 - PowerShell
T1068 - Exploitation for Privilege Escalation
T1105 - Ingress Tool Transfer