Tonto Team, a hacking group purportedly connected to China, has launched new attacks against political, diplomatic, educational and construction-related institutions in South Korea. According to a recent investigation by ASEC, “A group of attackers use a file associated with anti-malware solutions to carry out their malicious attacks.”
How the Attack Happened
The Tonto Team has extensive experience hacking in Asia and Eastern Europe and has been active since at least 2009. Additionally, the group was implicated in a botched phishing attempt against a cybersecurity firm earlier this year.
The attack chain identified by ASEC started with a Microsoft Compiled HTML Help (“.chm”) file that ran a binary, which in turn side-loaded a malicious DLL (slc.dll). This stage then deployed ReVBShell, an open-source VBScript backdoor.
Using ReVBShell, the attackers downloaded the genuine Avast software configuration file (wsc_proxy.exe) together with a malicious DLL (wsc.dll), which ultimately led to the installation of the Bisonal remote access trojan (RAT).
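The chain above has two pivot points a defender can watch for: the CHM viewer launching a child process, and a legitimate host binary (wsc_proxy.exe) loading its companion DLL (wsc.dll) from somewhere other than its install directory. The following detection sketch is an added example, not code from the ASEC report; the Sysmon-style event records, the trusted-directory list and the field names are constructed for illustration.

```python
"""Detection sketch for the two pivot points of the CHM -> DLL sideloading chain."""
import ntpath  # handles Windows-style paths on any platform

# Constructed Sysmon-style events (not real telemetry).
# EventID 1 = process creation, EventID 7 = image (DLL) load.
SAMPLE_EVENTS = [
    {"EventID": 1, "ParentImage": r"C:\Windows\hh.exe",
     "Image": r"C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"EventID": 7, "Image": r"C:\Users\victim\AppData\Local\Temp\wsc_proxy.exe",
     "ImageLoaded": r"C:\Users\victim\AppData\Local\Temp\wsc.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Program Files\Avast Software\Avast\wsc_proxy.exe",
     "ImageLoaded": r"C:\Program Files\Avast Software\Avast\wsc.dll", "Signed": "true"},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe"},
]

# Assumption: the directory where the vendor's copy of the host binary normally lives.
TRUSTED_DIRS = (r"c:\program files\avast software\avast",)
# Host binary -> companion DLL pair described in the article.
SIDELOAD_PAIRS = {"wsc_proxy.exe": "wsc.dll"}

def _dir(path): return ntpath.dirname(path).lower()
def _base(path): return ntpath.basename(path).lower()

def chm_spawned_process(ev):
    """CHM stage: the HTML Help viewer (hh.exe) should not be spawning executables."""
    return ev["EventID"] == 1 and _base(ev.get("ParentImage", "")) == "hh.exe"

def suspicious_sideload(ev):
    """Sideloading stage: a known host binary loading its companion DLL from outside
    the trusted install directory, or loading an unsigned copy of it."""
    if ev["EventID"] != 7:
        return False
    expected_dll = SIDELOAD_PAIRS.get(_base(ev["Image"]))
    if expected_dll is None or _base(ev["ImageLoaded"]) != expected_dll:
        return False
    return _dir(ev["Image"]) not in TRUSTED_DIRS or ev.get("Signed", "false") != "true"

def triage(events):
    """Return (index, reason) for every event that matches one of the two detections."""
    hits = []
    for i, ev in enumerate(events):
        if chm_spawned_process(ev):
            hits.append((i, "hh.exe spawned a child process"))
        elif suspicious_sideload(ev):
            hits.append((i, "possible DLL sideloading"))
    return hits

if __name__ == "__main__":
    for idx, why in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {why}: {SAMPLE_EVENTS[idx]['Image']}")
```

The legitimate Avast-directory load (event 2) is deliberately included so the rule can be checked against a benign case as well as the malicious one.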
What is a Trojan?
Trojan horses, often simply called Trojans, are malicious programs or pieces of code that can take control of your computer. They are designed to damage, disrupt, steal from, or otherwise harm your data or network.
Once installed, a Trojan can carry out the task it was created for. It is important to know that a Trojan is extremely difficult to spot, since it is designed to operate quietly.
The Rise of Cyber Attacks
Experience shows that cybercriminals from other countries also use CHM files to distribute malware. ScarCruft, a North Korean group that frequently targets South Korean companies, employs identical attack chains.