ReVBSHell

Tonto Team Using Anti-Malware Related Files for DLL Side-Loading

The Tonto Team is a threat group that mainly targets Asian countries and has been distributing the Bisonal malware. AhnLab Security Emergency response Center (ASEC) has been tracking the Tonto Team's attacks on Korean education, construction, diplomatic, and political institutions. Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execute their malicious attacks.

Figure 1. Overall operation process

The Tonto Team's involvement in the distribution of the CHM malware in Korea has been…

Additional Activities of the Tick Group That Attacks with a Modified Q-Dir and Their Ties with Operation Triple Tiang

In March 2023, ESET analyzed malware that was found at an East Asian DLP manufacturer and announced that the Tick group was responsible for it. The Tick group has been active mainly in Korea and Japan since 2014, targeting various sectors such as aerospace, military, defense industries, heavy industries, electronics, telecommunications, government agencies, and diplomacy. AhnLab Security Emergency response Center (ASEC) has confirmed additional activities from this group and will be disclosing them here.

* Modified Q-Dir Variants

From January…