Introduction
Discovered in 2010 and originating from China, Lotus Panda is an APT group also known as Spring Dragon, ST Group, DRAGONFISH, BRONZE ELGIN, and many others.
Target and Sectoral Focus
Lotus Panda targets a wide geography spanning the Asia-Pacific region and the United States. In particular, Australia, Brunei, Cambodia, China, Hong Kong, India, Indonesia, Japan, Laos, Malaysia, Myanmar, Nepal, the Philippines, Saudi Arabia, Singapore, South Korea, Taiwan, Thailand, the United States and Vietnam are on the group’s radar. Target sectors include defense, energy, government, law enforcement, media, and military. This wide range of targets shows that Lotus Panda pursues an effective information-gathering strategy on both a regional and a global scale.
Tools and Methods
The tools used by Lotus Panda include 8.t Dropper, Aria-body, Aria-body loader, ARL, BackBend, Backspace, Creamsicle, Flashflood, FoundCore, Gemcutter, HDoor, JadeRAT, LadonGo, Living off the Land techniques, Milkmaid, Naikon, nbtscan, Nebulae, NetEagle, NewCore RAT, Orangeade, PlugX, Quarks PwDump, RARSTONE, Sandboxie, Shipshape, Sisfader, Spaceship, SslMM, Sys10, TeamViewer, Viper, WinMM and xsPlus. The diversity of this toolset, which mixes custom malware with legitimate administrative and dual-use utilities, shows that Lotus Panda has a wide operational capability and can mount many different kinds of cyber threats.
The way these tools are used reveals the breadth of the group’s attack and infiltration capabilities. In particular, the fact that they span categories such as reconnaissance, backdoor, keylogger, information stealer, tunneling, loader and dropper demonstrates the group’s ability to infiltrate its targets, gather information, and covertly exfiltrate it.
Conclusion
As part of China’s cyber power, Lotus Panda conducts complex cyber operations against various strategic targets across a wide geography.
As ThreatMon, we continuously monitor Lotus Panda and 1000+ known threat actors and APT groups and work to improve your defense mechanisms.
Try ThreatMon’s Free Premium Access feature to avoid sophisticated attacks by the Lotus Panda APT group and keep your systems secure!