In June 2022, a malicious newsletter was discovered, which is aimed at several dozen Russian companies, including those that work in an IT sector.
According to Group-Ib, these attacks were committed by the Chinese group Tonto Team, which is also called Heartbeat and Karma Panda. They used malicious Microsoft Office documents created using Royal Road Weaponizer, which, according to Group-Ib, was already associated with Chinese learning groups. Also, during the investigation, Bisonal.Doublet was discovered, which is the development of Tonto Team.
/Media reports cited above.