Lotus Blossom APT

The Lotus Bloom APT (Advanced Persistent Threat) is a hacking group that originates from China. This APT is also known under the alias DRAGONFISH. Malware experts first spotted the Lotus Bloom hacking group back in 2015. In this early campaign, the Lotus Bloom APT had deployed a hacking tool known as the Elise Malware against its targets. The Lotus Bloom APT tends to go after government institutions or defense contractors.

The Lotus Bloom APT has been active in the past three years, particularly – this hacking group is known to have launched over 50 separate attacks in this timeframe. The Lotus Bloom APT has targeted organizations located in the Philippines, Taiwan, Hong Kong, etc. The most commonly utilized propagation method by the Lotus Bloom APT is spear-phishing emails. Usually, the emails in question would contain a corrupted attachment, which, upon execution, would exploit known vulnerabilities in popular software services. To trick users into opening the bogus emails, the Lotus Bloom APT would use contemporary topics, which are making headlines around the world.

Furthermore, the corrupted attachment also would contain a decoy file that is meant to grab the attention of the target. The file in question would appear legitimate because it will work as intended. However, the user will be unaware that the seemingly harmless file is completing nefarious tasks in the background.

One of the most used hacking tools by the Lotus Bloom APT is the Elise Malware. Despite the fact that this threat is over five years old, the Lotus Bloom APT is still using it in many of its campaigns. Over the years, the Lotus Bloom APT has made sure to improve the Elise Malware by introducing various updates and upgrades. The Elise Malware is able to avoid sandbox environments, which allows this threat to operate silently and avoid detection by cybersecurity experts.

Make sure your PC is protected by a reputable anti-virus software suite, and do not forget to update all your applications regularly.