Cyber Resilience

Tonto Team G0131 state

🇨🇳 CN

aka Tonto Team, Earth Akhlut, BRONZE HUNTLEY, CactusPete, Karma Panda

Last updated: 2026-07-03

- 2 attributed CVEs
- 23 ATT&CK techniques
- 5.5 IDF score (tooling uniqueness)
- 1 exclusive CVEs
- 2019–2026 years active

About this actor

[Tonto Team](https://attack.mitre.org/groups/G0131) is a suspected Chinese state-sponsored cyber espionage threat group that has primarily targeted South Korea, Japan, Taiwan, and the United States since at least 2009; by 2020 they expanded operations to include other Asian as well as Eastern European countries. [Tonto Team](https://attack.mitre.org/groups/G0131) has targeted government, military, energy, mining, financial, education, healthcare, and technology organizations, including through the Heartbeat Campaign (2009-2012) and Operation Bitter Biscuit (2017). (Citation: Kaspersky CactusPete Aug 2020) (Citation: ESET Exchange Mar 2021) (Citation: FireEye Chinese Espionage October 2019) (Citation: ARS Technica China Hack SK April 2017) (Citation: Trend Micro HeartBeat Campaign January 2013) (Citation: Talos Bisonal 10 Years March 2020)

Source: MITRE ATT&CK

Profile

| CVE | Risk | CVSS | EPSS | Published | Products |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-9489 | 5.5 | 7.5 | 0.0226 | 2019-04-05 | see CVE |
| CVE-2026-20929 | 5.5 | 7.5 | 0.0114 | 2026-01-13 | see CVE |

Mitigating controls (NIST 800-53)

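| Control | Techniques covered | Coverage |
| --- | --- | --- |
| SI-4 | 19 / 23 | 83% |
| CM-6 | 18 / 23 | 78% |
| CM-2 | 17 / 23 | 74% |
| SI-3 | 16 / 23 | 70% |
| CA-7 | 13 / 23 | 57% |
| AC-4 | 12 / 23 | 52% |
| CM-7 | 12 / 23 | 52% |
| SI-2 | 12 / 23 | 52% |
| SI-7 | 12 / 23 | 52% |
| AC-6 | 10 / 23 | 43% |
| SC-7 | 10 / 23 | 43% |
| AC-2 | 9 / 23 | 39% |
| AC-3 | 9 / 23 | 39% |
| RA-5 | 9 / 23 | 39% |
| SI-10 | 8 / 23 | 35% |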
