Activity attributed to the Chinese espionage group Tonto Team has targeted various strategic sectors, including healthcare, government, finance, education, military, energy and information technology, since at least 2009.
In a recent campaign, the threat group targeted the security firm Group-IB by sending weaponized attachments to its employees.
Masquerading as employees of legitimate organizations, the Tonto Team used fake email accounts created with GMX Mail.
The malicious attachments were created with the Royal Road weaponizer, which produces documents that attempt to exploit CVEs related to the Microsoft Equation Editor vulnerabilities.
The campaign also used the Bisonal.DoubleT backdoor and the TontoTeam.Downloader (aka QuickMute) to achieve the threat actor's objective, which included collecting Group-IB intellectual property.