Lotus Blossom Hackers Target Southeast Asia with Sagerunex Backdoor

Summary: A sophisticated cyber espionage campaign by the Lotus Blossom group has been uncovered, targeting various sectors in Southeast Asia, including government and telecommunications. Using the advanced Sagerunex backdoor since at least 2012, the group employs multiple techniques for stealthy long-term infiltration and data exfiltration. This operation highlights the persistent nature of state-sponsored attacks and the adaptability of their tactics to avoid detection.

Affected: Southeast Asian governments, manufacturing, telecommunications, and media sectors

Key points:

  • Lotus Blossom group has been active in cyber espionage since 2012, with ongoing operations using the Sagerunex backdoor.
  • The Sagerunex RAT employs third-party cloud services for C2 communication to evade traditional security measures.
  • Multiple hacking tools are utilized alongside Sagerunex for credential theft, privilege escalation, and deeper network infiltration.

Source: https://securityonline.info/lotus-blossom-hackers-target-southeast-asia-with-sagerunex-backdoor/