Tonto Team
Essential information
- Confidence: 100/100
- Published: 16/12/2025 19:39
- Modified: 27/03/2026 01:14
- Updated at: 27/03/2026 01:14
- Revoked: No
- Author / Source: The MITRE Corporation
- Resource level: —
- Primary motivation: —
- Related entities: 38 attack patterns (mitre), 6 malware, 12 sectors, 6 countries, 29 indicators, 1 vulnerability (cve), 4 tools
Aliases
Earth Akhlut, BRONZE HUNTLEY, Karma Panda, CactusPete
Description
[Tonto Team](https://attack.mitre.org/groups/G0131) is a suspected Chinese state-sponsored cyber espionage threat group that has primarily targeted South Korea, Japan, Taiwan, and the United States since at least 2009; by 2020 they expanded operations to include other Asian as well as Eastern European countries. [Tonto Team](https://attack.mitre.org/groups/G0131) has targeted government, military, energy, mining, financial, education, healthcare, and technology organizations, including through the Heartbeat Campaign (2009-2012) and Operation Bitter Biscuit (2017).(Citation: Kaspersky CactusPete Aug 2020)(Citation: ESET Exchange Mar 2021)(Citation: FireEye Chinese Espionage October 2019)(Citation: ARS Technica China Hack SK April 2017)(Citation: Trend Micro HeartBeat Campaign January 2013)(Citation: Talos Bisonal 10 Years March 2020)
Marking (TLP)
- TLP:CLEAR
- Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
- Talos Bisonal Mar 2020
- ESET Exchange Mar 2021
- Secureworks BRONZE HUNTLEY
- ARS Technica China Hack SK April 2017
- CrowdStrike Manufacturing Threat July 2020
- FireEye Chinese Espionage October 2019
- Trend Micro HeartBeat Campaign January 2013
- mitre-attack (G0131)
- Kaspersky CactusPete Aug 2020
- TrendMicro Tonto Team October 2020