"Chinese Threat Group Leaks Hacking Secrets in Failed Attack"

Group-IB's analysis of an intercepted spear-phishing email provides further insight into the hacking techniques of the Chinese state-sponsored espionage threat actor known as Tonto Team. According to the security firm, a spear-phishing attempt against its own employees in July 2022 was made by the Chinese threat actor that historically targeted South Korea, Japan, Taiwan, and the US but has since expanded operations to include additional Asian and Eastern European nations. The US-China Economic and Security Review Commission's analysis found that Tonto Team is likely a unit of the People's Liberation Army, which in 2017 allegedly hacked multiple South Korean organizations involved in the deployment of an American anti-ballistic missile defense system. In 2021, the cybersecurity company ESET identified it as a participant in the wave of Chinese state-sponsored hackers exploiting vulnerabilities in Microsoft Exchange. During the summer, Malwarebytes discovered that the group was extending its eavesdropping operations against Russian government agencies. No single indicator prompted Group-IB to believe that Tonto Team was behind the phishing attempt, but evidence began to mount. Attached to the phishing email was a document containing metadata that revealed the default language to be "Chinese People's Republic of China." The attachment was a rich text format file created with the Royal Road RTF Weaponizer, a malware tool primarily used by Chinese Advanced Persistent Threat (APT) groups. This article continues to discuss findings regarding the Chinese state-sponsored espionage threat actor Tonto Team.
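The default-language metadata mentioned above lives in an RTF file's header control words (`\deflang`, `\deflangfe`, `\lang`), each carrying a Windows language identifier (LCID). The following triage helper is an added example, not code from the article or from Group-IB: it pulls those identifiers out of an RTF attachment so an analyst can record them as one more weak signal. The sample RTF bytes and the short LCID table are constructed for the example.

```python
import re

# Windows language identifiers (LCIDs) relevant to this report; extend as needed.
LCID_NAMES = {
    1033: "English (United States)",
    1028: "Chinese (Taiwan)",
    2052: "Chinese (People's Republic of China)",
    1041: "Japanese (Japan)",
    1042: "Korean (Korea)",
    1049: "Russian (Russia)",
}

# RTF control words carrying language information (RTF specification):
#   \deflangN   document default language
#   \deflangfeN document default East Asian language
#   \langN      language of the following text run
# Longest alternative first so "deflangfe" is not matched as "deflang".
_LANG_RE = re.compile(rb"\\(deflangfe|deflang|lang)(\d+)")


def lcid_name(lcid: int) -> str:
    """Human-readable name for an LCID, or a marker for unknown values."""
    return LCID_NAMES.get(lcid, f"unknown LCID {lcid}")


def rtf_language_metadata(data: bytes) -> dict:
    """Extract default and run-level language identifiers from RTF bytes.

    The first \\deflang / \\deflangfe occurrence is kept (the document header);
    every \\langN value seen in the body is collected into a set.
    """
    if not data.lstrip().startswith(b"{\\rtf"):
        raise ValueError("not an RTF file (missing {\\rtf header)")
    result = {"deflang": None, "deflangfe": None, "lang_ids": set()}
    for word, num in _LANG_RE.findall(data):
        lcid = int(num)
        if word == b"deflang" and result["deflang"] is None:
            result["deflang"] = lcid
        elif word == b"deflangfe" and result["deflangfe"] is None:
            result["deflangfe"] = lcid
        elif word == b"lang":
            result["lang_ids"].add(lcid)
    return result


# Constructed sample header, not a real attachment: default language 2052.
SAMPLE_RTF = (
    b"{\\rtf1\\ansi\\ansicpg936\\deff0\\deflang2052\\deflangfe2052"
    b"{\\fonttbl{\\f0\\fnil\\fcharset134 SimSun;}}"
    b"\\pard\\lang1033 Invoice attached.\\lang2052 \\par}"
)
```

Language metadata is only a weak indicator (templates and localized Office builds set it too), so record it alongside the other findings rather than treating it as attribution on its own.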

DataBreachToday reports "Chinese Threat Group Leaks Hacking Secrets in Failed Attack"
