The Tonto Team, a threat actor with ties to China, is targeting South Korean institutions such as education, construction, diplomatic, and political institutions with new attacks.
This attack sequence begins with a Microsoft Compiled HTML Help (.CHM) file that is used to side-load malicious DLL files and launch ReVBShell, an open source VBScript backdoor.
This is followed by the deployment of the Bisonal remote access trojan.
Similar attack chains have also been adopted by North Korean threat actors.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply