Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions


South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team.

“Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execute their malicious attacks,” the AhnLab Security Emergency Response Center (ASEC) said in a report published this week.

Tonto Team, active since at least 2009, has a track record of targeting various sectors across Asia and Eastern Europe. Earlier this year, an unsuccessful phishing attack on cybersecurity company Group-IB was attributed to the group.
