216.73.217.139

Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools

· Published 04/04/2025 19:54 · Modified 07/04/2025 08:04

Export JSON

Essential information

Published
04/04/2025 19:54
Modified
07/04/2025 08:04
Tags
2025-02-27 2025-04-04 apt backdoor cloud services espionage evora lotus blossom multi-stage attack persistence sagerunex vmprotect
Related entities
1 intrusion sets (apt), 20 techniques (mitre), 2 malware, 7 others

Description

The group has been conducting cyber campaigns targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan. The group employs various versions of the , including new variants that use like Dropbox, Twitter, and Zimbra for command and control. utilizes multiple hacking tools and techniques to maintain long-term in compromised networks. The attacks involve multi-stage operations, including reconnaissance, lateral movement, and data exfiltration. The group has been active since at least 2012 and continues to evolve its tactics and malware to evade detection.

External references