[threat-actors] Add Tonto Team aliases

clusters/threat-actor.json

@@ -5162,6 +5162,7 @@
       "value": "Cyber Berkut"
     },
     {
+      "description": "Tonto Team is a Chinese-speaking APT group that has been active since at least 2013. They primarily target military, diplomatic, and infrastructure organizations in Asia and Eastern Europe. The group has been observed using various malware, including the Bisonal RAT and ShadowPad. They employ spear-phishing emails with malicious attachments as their preferred method of distribution.",
       "meta": {
         "attribution-confidence": "50",
         "cfr-suspected-state-sponsor": "China",
@@ -5185,7 +5186,11 @@
           "https://www.wsj.com/articles/chinas-secret-weapon-in-south-korea-missile-fight-hackers-1492766403",
           "https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf",
           "https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf",
-          "https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/"
+          "https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/",
+          "https://www.trendmicro.com/en_us/research/23/g/supply-chain-attack-targeting-pakistani-government-delivers-shad.html",
+          "https://www.sentinelone.com/labs/targets-of-interest-russian-organizations-increasingly-under-attack-by-chinese-apts/",
+          "https://go.recordedfuture.com/hubfs/reports/cta-2023-0919.pdf",
+          "https://www.recordedfuture.com/multi-year-chinese-apt-campaign-targets-south-korean-academic-government-political-entities"
         ],
         "synonyms": [
           "CactusPete",
@@ -5194,7 +5199,9 @@
           "COPPER",
           "Red Beifang",
           "G0131",
-          "PLA Unit 65017"
+          "PLA Unit 65017",
+          "Earth Akhlut",
+          "TAG-74"
         ]
       },
       "uuid": "0ab7c8de-fc23-4793-99aa-7ee336199e26",