Tonto Team

APT / StateG0131
OriginChina
Techniques (MITRE ATT&CK)15
SourceMITRE ATT&CK
Also known as:Earth AkhlutBRONZE HUNTLEYCactusPeteKarma Panda

Vexday analysis

Tonto Team é um grupo de espionagem cibernética de origem chinesa, suspeito de ser patrocinado pelo Estado, ativo desde pelo menos 2009 e identificado no MITRE ATT&CK como G0131. O grupo atuou inicialmente contra alvos na Coreia do Sul, Japão, Taiwan e Estados Unidos, expandindo suas operações a partir de 2020 para outros países asiáticos e do Leste Europeu, com foco em organizações governamentais, militares, de energia, mineração, financeiras, educacionais, de saúde e de tecnologia — incluindo as campanhas Heartbeat Campaign (2009–2012) e Operation Bitter Biscuit (2017). Também conhecido pelos aliases Earth Akhlut, BRONZE HUNTLEY, CactusPete e Karma Panda, o grupo possui 15 técnicas documentadas no MITRE ATT&CK e 10 CVEs a ele atribuídas.

Techniques (MITRE ATT&CK) 15

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Initial access
Spearphishing Attachment
Execution
PowerShellPythonExploitation for Client ExecutionMalicious File
Persistence
Web Shell
Privilege escalation
Exploitation for Privilege Escalation
Credential access
OS Credential Dumping
Discovery
Local GroupsNetwork Share Discovery
Lateral movement
Exploitation of Remote Services
Collection
Keylogging
Command and control
External ProxyIngress Tool Transfer
stealth
DLL

Exploited vulnerabilities 10

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2017-11882HIGHEPSS 100%KEVCVE-2014-7169CRITICALEPSS 100%KEVCVE-2018-0798HIGHEPSS 95%KEVCVE-2018-0802HIGHEPSS 93%KEVCVE-2018-8174HIGHEPSS 88%KEVCVE-2019-0803HIGHEPSS 45%KEVCVE-2020-8468HIGHEPSS 6%KEVCVE-2016-6662EPSS 68%CVE-2017-0176EPSS 46%CVE-2019-9489EPSS 2%

Tonto Team uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →