Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

Summary: The threat actor known as Lotus Panda has intensified its operations against various sectors in Asia using updated versions of the Sagerunex backdoor. This group, which has been active since 2009, employs sophisticated techniques to maintain persistence and evade detection, utilizing legitimate services for command-and-control operations. The latest malware variants indicate ongoing evolution in their attack strategies and methodologies.

Affected: Government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan

Key points:

  • Lotus Panda, also called Billbug, is a suspected Chinese hacking group linked to sophisticated cyber-attacks since at least 2009.
  • The group has been observed using the Sagerunex backdoor, which has various new variants designed to exploit legitimate services for C2 tunneling.
  • Attack tactics involve spear-phishing, reconnaissance commands, and tools like cookie stealers and open-source proxies to manipulate victim environments.

Source: https://thehackernews.com/2025/03/chinese-apt-lotus-panda-targets.html