
Tonto Team Hackers Regularly Intimidate South Korean Institutions


By Harper Stewart

Apr 29, 2023

Tonto Team, a hacking group purportedly connected to China, has launched new attacks against political, diplomatic, educational, and construction-related institutions in South Korea. According to a recent investigation by ASEC, “A group of attackers use a file associated with anti-malware solutions to carry out their malicious attacks.”

How the Attack Happened

Tonto Team has a long history of intrusions across Asia and Eastern Europe and has been active since at least 2009. Earlier this year the group was also implicated in a botched phishing attempt against a cybersecurity firm.

The attack chain identified by ASEC started with a Microsoft Compiled HTML Help (“.chm”) file that ran a binary, which in turn sideloaded a malicious library (slc.dll). That library then deployed ReVBShell, an open-source VBScript backdoor.

Using ReVBShell, the attackers downloaded a genuine Avast configuration file (wsc_proxy.exe) together with a malicious DLL (wsc.dll), which ultimately resulted in the installation of the Bisonal remote access trojan (RAT).
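As an added example (not code from the report or from ASEC), the following Python sketch flags the two endpoint telemetry patterns this chain leaves behind: the CHM viewer hh.exe spawning a child process, and wsc_proxy.exe loading wsc.dll from a directory other than its expected Avast install path. The event schema, the Avast install directory, and the sample events are assumptions constructed for this example.

```python
"""Flag the CHM -> DLL-sideloading chain from the ASEC report on constructed
endpoint telemetry (process-create / image-load events, Sysmon-style)."""
import ntpath

# Assumption: wsc_proxy.exe legitimately lives in Avast's install directory
# and loads wsc.dll from that same directory; adjust to your environment.
EXPECTED_DLL_DIR = {
    "wsc_proxy.exe": r"c:\program files\avast software\avast",
}
CHM_VIEWERS = {"hh.exe"}  # Windows Compiled HTML Help viewer


def _dir(path: str) -> str:
    return ntpath.dirname(path).lower()


def _name(path: str) -> str:
    return ntpath.basename(path).lower()


def detect(events: list) -> list:
    """Return one alert string per suspicious event, in input order."""
    alerts = []
    for ev in events:
        if ev["type"] == "process_create" and _name(ev["parent"]) in CHM_VIEWERS:
            alerts.append(f"CHM viewer {ev['parent']} spawned {ev['image']}")
        elif ev["type"] == "image_load":
            expected = EXPECTED_DLL_DIR.get(_name(ev["process"]))
            if expected and _dir(ev["dll"]) != expected:
                alerts.append(f"possible sideload: {ev['process']} loaded {ev['dll']}")
    return alerts


# Constructed sample telemetry, not taken from the report.
SAMPLE_EVENTS = [
    {"type": "process_create", "parent": r"C:\Windows\hh.exe",
     "image": r"C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"type": "image_load",
     "process": r"C:\Program Files\Avast Software\Avast\wsc_proxy.exe",
     "dll": r"C:\Program Files\Avast Software\Avast\wsc.dll"},
    {"type": "image_load",
     "process": r"C:\Users\victim\AppData\Local\Temp\wsc_proxy.exe",
     "dll": r"C:\Users\victim\AppData\Local\Temp\wsc.dll"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The second sample event (the vendor binary loading its DLL from the install directory) is the benign baseline and produces no alert; only the copied-to-Temp pair and the hh.exe child process are flagged.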

What Is a Trojan

Trojan horses, often known simply as Trojans, are malicious programs or pieces of code that can take control of your computer. They are designed to damage, disrupt, steal from, or otherwise harm your data or network.

Once installed, a Trojan can carry out the task for which it was created. It is important to know that Trojans are extremely difficult to spot, because they are designed to operate silently.

The Rise of Cyber Attacks

Experience shows that threat actors from other countries also use CHM files to distribute malware. ScarCruft, a North Korean group that frequently targets South Korean companies, employs an almost identical attack chain.


Harper Stewart

With a deep understanding of the complexities of the Dark Web, Harper curates informative and thought-provoking content for our readers. Her knowledge of the hidden corners of the internet and cybersecurity helps shed light on the often mysterious and illicit activities that take place in this realm.