SYMBOLCOMMON_NAMEaka. SYNONYMS

LOTUS PANDA  (Back to overview)

aka: Spring Dragon, ST Group, DRAGONFISH, BRONZE ELGIN, ATK1, G0030, Red Salamander, Lotus BLossom

Lotus Blossom is a threat group that has targeted government and military organizations in Southeast Asia.


Associated Families
win.sagerunex

References
2022-11-15SymantecThreat Hunter Team
@online{team:20221115:billbug:f11d48d, author = {Threat Hunter Team}, title = {{Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries}}, date = {2022-11-15}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments-cert-authority}, language = {English}, urldate = {2022-11-15} } Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries
Sagerunex
2022-04-28PWCPWC UK
@techreport{uk:20220428:cyber:46707aa, author = {PWC UK}, title = {{Cyber Threats 2021: A Year in Retrospect}}, date = {2022-04-28}, institution = {PWC}, url = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf}, language = {English}, urldate = {2023-07-02} } Cyber Threats 2021: A Year in Retrospect
BPFDoor APT15 APT31 APT41 APT9 BlackTech BRONZE EDGEWOOD DAGGER PANDA Earth Lusca HAFNIUM HAZY TIGER Inception Framework LOTUS PANDA QUILTED TIGER RedAlpha Red Dev 17 Red Menshen Red Nue VICEROY TIGER
2020SecureworksSecureWorks
@online{secureworks:2020:bronze:47c382d, author = {SecureWorks}, title = {{BRONZE ELGIN}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/bronze-elgin}, language = {English}, urldate = {2020-05-23} } BRONZE ELGIN
Elise LOTUS PANDA
2019MITREMITRE ATT&CK
@online{attck:2019:lotus:98bf87a, author = {MITRE ATT&CK}, title = {{Group description: Lotus Blossom}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0030/}, language = {English}, urldate = {2019-12-20} } Group description: Lotus Blossom
LOTUS PANDA
2019Council on Foreign RelationsCyber Operations Tracker
@online{tracker:2019:lotus:0652c75, author = {Cyber Operations Tracker}, title = {{Lotus Blossom}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/lotus-blossom}, language = {English}, urldate = {2019-12-20} } Lotus Blossom
LOTUS PANDA
2018-02-13RSAKevin Stear
@online{stear:20180213:lotus:4403066, author = {Kevin Stear}, title = {{Lotus Blossom Continues ASEAN Targeting}}, date = {2018-02-13}, organization = {RSA}, url = {https://community.rsa.com/community/products/netwitness/blog/2018/02/13/lotus-blossom-continues-asean-targeting}, language = {English}, urldate = {2020-01-09} } Lotus Blossom Continues ASEAN Targeting
LOTUS PANDA
2018AccentureBart Parys, Joshua Ray
@techreport{parys:2018:dragonfish:68a7bc2, author = {Bart Parys and Joshua Ray}, title = {{Dragonfish delivers New Form of Elise Malware targeting ASEAN Defence Ministers' Meeting and Associates}}, date = {2018}, institution = {Accenture}, url = {https://www.accenture.com/t20180127T003755Z_w_/us-en/_acnmedia/PDF-46/Accenture-Security-Dragonfish-Threat-Analysis.pdf}, language = {English}, urldate = {2020-06-18} } Dragonfish delivers New Form of Elise Malware targeting ASEAN Defence Ministers' Meeting and Associates
Elise LOTUS PANDA
2018Accenture SecurityKelly Bissell, Joshua Ray, Uwe Kissman, Ryan LaSalle, Gareth Russell
@techreport{bissell:2018:latest:1c1fba4, author = {Kelly Bissell and Joshua Ray and Uwe Kissman and Ryan LaSalle and Gareth Russell}, title = {{LATEST CYBER ESPIONAGE MALWARE ATTACKS}}, date = {2018}, institution = {Accenture Security}, url = {https://www.accenture.com/t00010101T000000Z__w__/gb-en/_acnmedia/PDF-46/Accenture-Security-Elise-Threat-Analysis.pdf}, language = {English}, urldate = {2020-01-08} } LATEST CYBER ESPIONAGE MALWARE ATTACKS
LOTUS PANDA
2017-07-24Kaspersky LabsNoushin Shabab
@online{shabab:20170724:spring:c3d274f, author = {Noushin Shabab}, title = {{Spring Dragon – Updated Activity}}, date = {2017-07-24}, organization = {Kaspersky Labs}, url = {https://securelist.com/spring-dragon-updated-activity/79067/}, language = {English}, urldate = {2019-12-20} } Spring Dragon – Updated Activity
LOTUS PANDA
2015-12-18Palo Alto Networks Unit 42Robert Falcone, Jen Miller-Osborn
@online{falcone:20151218:attack:e1f82ab, author = {Robert Falcone and Jen Miller-Osborn}, title = {{Attack on French Diplomat Linked to Operation Lotus Blossom}}, date = {2015-12-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/attack-on-french-diplomat-linked-to-operation-lotus-blossom/}, language = {English}, urldate = {2020-01-06} } Attack on French Diplomat Linked to Operation Lotus Blossom
LOTUS PANDA
2015-06-17Kaspersky LabsKurt Baumgartner
@online{baumgartner:20150617:spring:dc116aa, author = {Kurt Baumgartner}, title = {{The Spring Dragon APT}}, date = {2015-06-17}, organization = {Kaspersky Labs}, url = {https://securelist.com/blog/research/70726/the-spring-dragon-apt/}, language = {English}, urldate = {2019-12-20} } The Spring Dragon APT
Elise LOTUS PANDA
2015-06-16Palo Alto Networks Unit 42Unit42
@online{unit42:20150616:operation:264f1d1, author = {Unit42}, title = {{Operation Lotus Blossom: A New Nation-State Cyberthreat?}}, date = {2015-06-16}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/operation-lotus-blossom/}, language = {English}, urldate = {2020-01-09} } Operation Lotus Blossom: A New Nation-State Cyberthreat?
LOTUS PANDA

Credits: MISP Project