Tonto Team's Failed Attempt to Compromise Group-IB

February 22, 2023

Activity attributed to the Chinese espionage group Tonto Team has targeted strategic sectors including healthcare, government, finance, education, military, energy and information technology since at least 2009. In a recent campaign the group targeted the security firm Group-IB by sending weaponized attachments to its employees. Masquerading as employees of legitimate organizations, Tonto Team used fake email accounts created with GMX Mail. The malicious attachments were built with the Royal Road weaponizer, which generates documents that attempt to exploit CVEs in the Microsoft Equation Editor. The campaign also used the Bisonal DoubleT backdoor and the TontoTeam.Downloader (aka QuickMute) to pursue the threat actor's objectives, which included collecting Group-IB intellectual property.
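As an added, defender-side example that is not part of this report: a small Python check for RTF attachments that embed an Equation Editor 3.0 OLE object, the vector Royal Road documents rely on. Both sample RTFs are constructed here; the OLE 1.0 header layout and the `Equation.3` ProgID come from the public OLE specification, not from this campaign.

```python
import re

# Constructed sample inputs (not from the campaign): a benign RTF and one that
# embeds an Equation Editor 3.0 OLE object with no \objclass, relying on
# \objupdate to activate the object when the document is opened.
_OLE1_HDR = (b"\x01\x05\x00\x00"      # OLE 1.0 version
             b"\x02\x00\x00\x00"      # format id: embedded object
             b"\x0b\x00\x00\x00"      # class-name length including NUL
             b"Equation.3\x00")       # ProgID of Equation Editor 3.0
_OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # compound-file signature
BENIGN_RTF = b"{\\rtf1 Quarterly report, nothing embedded.}"
SUSPICIOUS_RTF = (b"{\\rtf1{\\object\\objemb\\objupdate{\\*\\objdata "
                  + (_OLE1_HDR + _OLE2_MAGIC).hex().encode() + b"}}}")

EQUATION_NATIVE = "Equation Native".encode("utf-16-le")   # OLE2 stream name


def _decode_objdata(hex_text: str) -> bytes:
    """\\objdata carries the OLE container as hex text; strip and decode it."""
    digits = re.sub(r"[^0-9a-fA-F]", "", hex_text)
    return bytes.fromhex(digits[: len(digits) - len(digits) % 2])


def find_equation_objects(rtf: bytes) -> list:
    """Return human-readable findings for Equation Editor objects in an RTF."""
    text = rtf.decode("latin-1")
    findings = []
    # Cheap check: an explicit \objclass naming Equation Editor.
    for m in re.finditer(r"\\objclass\s+([\w.]+)", text):
        if m.group(1).lower().startswith("equation."):
            findings.append(f"objclass {m.group(1)}")
    # Robust check: decode every \objdata payload and inspect the OLE container,
    # since weaponizers commonly omit or obfuscate \objclass.
    for m in re.finditer(r"\\objdata\s*([0-9a-fA-F\s]+)", text):
        blob = _decode_objdata(m.group(1))
        if b"Equation.3" in blob:              # class name in the OLE1 header
            findings.append("objdata: OLE1 class name Equation.3")
        if EQUATION_NATIVE in blob:            # stream name inside OLE2 storage
            findings.append("objdata: 'Equation Native' stream")
        if _OLE2_MAGIC in blob:
            findings.append("objdata: embedded OLE2 compound file")
    if findings and "\\objupdate" in text:
        findings.append("objupdate set: object activates on open")
    return findings


if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_RTF), ("suspicious", SUSPICIOUS_RTF)):
        print(name, find_equation_objects(doc))
```

Run it over mail-gateway attachment samples; any non-empty result on an RTF from an external sender is worth quarantining for analysis, since legitimate documents rarely embed Equation Editor 3.0 objects today.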