Threat Intelligence, Incident Response, Malware, TDR, Threat Management

‘Lotus Blossom’ cyberattacks hit military, gov’t targets in Southeast Asia


A cyberespionage campaign dubbed “Operation Lotus Blossom” has carried out more than 50 attacks against government and military organizations across Southeast Asia over the last three years, according to researchers from Palo Alto Networks's Unit 42.

The attackers used spearphishing emails that typically included a decoy file and exploit code for a well-known Microsoft Office vulnerability, CVE-2012-0158 as its primary attack vector, according to a report released by the researchers on Tuesday. Once downloaded, a Trojan backdoor named “Elise” gave Lotus Blossom its initial foothold into the network. After that, the decoy file appears, tricking users into thinking the file opened correctly.  

The campaign is believed to be state-sponsored entity because the information targeted in the attacks is most valuable to other nation states rather than to criminal actors, the report said. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.