Billbug Group Targets Southeast Asia in Sophisticated Espionage Campaign

Summary: A report by Symantec’s Threat Hunter Team has revealed a significant espionage campaign by the Billbug group, primarily targeting entities in Southeast Asia, including government and telecom sectors. The group demonstrated advanced tactics, including DLL sideloading and the deployment of custom-built tools to carry out its operations. Organizations in affected regions are urged to enhance their cybersecurity defenses in response to these evolving threats.

Affected: Various organizations in Southeast Asia, including government ministries, air traffic control, telecoms, and construction companies.

Key points:

  • Billbug, also known as Lotus Blossom or Bronze Elgin, has been active since at least 2009, with a history of targeting government and military entities.
  • The campaign, spanning from August 2024 to February 2025, involved advanced techniques, including the misuse of trusted software to execute malicious DLLs.
  • New custom tools were deployed for credential extraction, remote access, and forensic evasion, indicating the group’s adaptability and sophistication.

Source: https://securityonline.info/billbug-group-targets-southeast-asia-in-sophisticated-espionage-campaign/