The Chinese-speaking APT group Spring Dragon, also known as LotusBlossom, has increased its attacks against high-profile organisations around the South China Sea. Security researchers from Kaspersky managed to collect more than 600 malware samples from the group, suggesting that it is operating on a massive scale. The group is known for using spear-phishing and watering-hole techniques to target governmental organisations and political parties, educational institutions, and companies from the telecommunications sector, amongst others. According to the researchers, the threat actors behind the campaigns have been developing and updating their range of tools, which consists of various backdoor modules with unique characteristics and functionalities, throughout the years. The threat actors own a large C2 infrastructure comprising more than 200 unique IP addresses and C2 domains. All the backdoor modules in the APT's toolset are capable of downloading additional files onto the victim's machine, uploading files to the attackers' servers, and executing any executable file or command on the victim's machine, the researchers said.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street