Lotus Blossom

APT / StateG0030
Techniques (MITRE ATT&CK)21
SourceMITRE ATT&CK
Also known as:DRAGONFISHSpring DragonRADIUMRaspberry TyphoonBilbugThrip

Vexday analysis

Lotus Blossom (também referenciado como DRAGONFISH, Spring Dragon, RADIUM, Raspberry Typhoon, Bilbug e Thrip; identificador MITRE ATT&CK G0030) é um grupo de ameaça persistente avançada com atuação documentada desde pelo menos 2009, voltado predominantemente a entidades na Ásia. Seus alvos incluem organizações governamentais e afins, além de emissores de certificados digitais. O grupo possui 21 técnicas documentadas na base MITRE ATT&CK.

Techniques (MITRE ATT&CK) 21

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development
Tool
Execution
Windows Management Instrumentation
Persistence
Windows Service
Credential access
Steal Web Session Cookie
Discovery
Query RegistrySystem Network Configuration DiscoveryInternet Connection DiscoveryRemote System DiscoveryNetwork Service DiscoverySystem Network Connections DiscoveryFile and Directory DiscoveryLocal AccountDomain AccountDomain Trust Discovery
Collection
Local Data StagingArchive via UtilityArchive via Custom Method
Command and control
Internal ProxyMulti-hop Proxy
defense-impairment
Modify Registry
stealth
Access Token Manipulation

Exploited vulnerabilities

No CVEs attributed to this group in public sources (MITRE ATT&CK). Absence of attribution does not mean absence of activity.

Lotus Blossom uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →