Lotus Panda: China’s Cyber Power

Introduction

Discovered in 2010 and originating from China, Lotus Panda is an APT group also known as Spring Dragon, ST Group, DRAGONFISH, BRONZE ELGIN, and many others.

Target and Sectoral Focus

Lotus Panda targets a wide geography spanning the Asia-Pacific region and the United States. In particular, Australia, Brunei, Cambodia, China, Hong Kong, India, Indonesia, Japan, Laos, Malaysia, Myanmar, Nepal, the Philippines, Saudi Arabia, Singapore, South Korea, Taiwan, Thailand, the United States and Vietnam are on the organization’s radar. Target sectors include defense, energy, government, law enforcement, media, and military. This wide range of targets shows that Lotus Panda is pursuing an effective information-gathering strategy on a regional and global scale.

Tools and Methods

Lotus Panda uses several sophisticated malware families and tools, including 8.t Dropper, Aria-body, Aria-body loader, ARL, BackBend, Backspace, Creamsicle, Flashflood, FoundCore, Gemcutter, HDoor, JadeRAT, LadonGo, Living off the Land, Milkmaid, Naikon, nbtscan, Nebulae, NetEagle, NewCore RAT, Orangeade, PlugX, Quarks PwDump, RARSTONE, Sandboxie, Shipshape, Sisfader, Spaceship, SslMM, Sys10, TeamViewer, Viper, WinMM and xsPlus. The diversity of these tools shows that Lotus Panda has a wide operational capability and can create different types of cyber threats.

The way the tools are used reveals the breadth of the organization’s cyber attack and infiltration capabilities. In particular, tools in different categories, such as reconnaissance, backdoor, keylogger, info stealer, tunneling, loader, and dropper, demonstrate the organization’s ability to infiltrate its targets, gather information, and secretly extract this information.

Conclusion

As part of China’s cyber power, Lotus Panda conducts complex cyber operations against various strategic targets across a wide geography.

As ThreatMon, we continuously monitor Lotus Panda and 1000+ known threat actors and APT groups and work to improve your defense mechanisms.

Try ThreatMon’s Free Premium Access feature to avoid sophisticated attacks by the Lotus Panda APT group and keep your systems secure!

 
