CactusPete

Threat Actor updated a month ago (2024-11-29T13:34:10.711Z)
Download STIX
Preview STIX
CactusPete, also known as Tonto Team, is a Chinese-speaking cyber-espionage group that has been active since at least 2012. Characterized by medium-level technical capabilities, CactusPete has demonstrated a significant development pace, producing more than 20 samples per month. The group primarily targets organizations within a limited range of countries, including South Korea, Japan, the US, and Taiwan. Interestingly, despite its non-sophisticated techniques, such as using plain code without complicated obfuscation and spear-phishing messages with "magic" attachments for distribution, the group has had considerable success in its activities. On March 3, 2021, CactusPete compromised the email servers of a procurement company and a consulting firm specialized in software development and cybersecurity, both based in Eastern Europe. Moreover, throughout late 2019 and 2020, CactusPete began deploying ShadowPad malware, victimizing government organizations, energy, mining, defense bodies, and telecoms located in Asia and Eastern Europe. This reflects the group's offensive activity against the Russian defense industry and Mongolian government, which appears to be mostly delineated from its Russian-Mongolian commercial and border relationships. Like other Advanced Persistent Threat (APT) actors such as TwoSail Junk, FunnyDream, DarkHotel, and others, CactusPete continues to exploit software vulnerabilities. It's clear from their activities that geo-politics is an important driver of APT activity. Despite the lack of advanced techniques, CactusPete's success underscores the potential threat posed by even medium-capability groups, highlighting the need for robust cybersecurity measures across all sectors and regions.
Description last updated: 2024-05-05T00:06:28.604Z
What's your take? (Question 1 of 0)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Tonto Team is a possible alias for CactusPete. Tonto Team is a Chinese government-aligned Advanced Persistent Threat (APT) group, recognized for its malicious cyber activities. The team has been active for over a decade, utilizing various types of malware, notably the Bisonal and ShadowPad backdoors, in campaigns against entities in Japan, Russi
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the CactusPete Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more