Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
The Lotus Blossom espionage group has been conducting cyber espionage campaigns targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan. The group employs various versions of the Sagerunex backdoor, including new variants that use cloud services like Dropbox, Twitter, and Zimbra for command and control. Lotus Blossom utilizes multiple hacking tools and techniques to maintain long-term persistence in compromised networks. The attacks involve multi-stage operations, including reconnaissance, lateral movement, and data exfiltration. The group has been active since at least 2012 and continues to evolve its tactics and malware to evade detection.
OPENCTI LABELS:
backdoor, sagerunex, evora, lotus blossom