The threat actor behind Spring Dragon APT has been developing and updating its wide range of tools throughout the years, new attacks reported in South Asia.
According to a new report published by Kaspersky Lab, the China-linked APT group Spring Dragon (aka Lotus Blossom, Elise, and Esile) has used more than 600 malware samples in its attacks over the past years.
The Spring Dragon APT group is a state-sponsored group that has been around since at least 2012, but further evidence collected by the researchers suggests that it may have been active since 2007.
The APT group focused its cyber espionage campaigns on military and government organizations in Southeast Asia.
In June 2015, Trend Micro published a report on a targeted attack campaign of the group that hit organizations in various countries in the Southeast Asian region. The experts speculated the involvement of state-sponsored hackers due to the nature of the stolen information.
“The Esile targeted attack campaign targeting various countries in the Southeast Asian region has been discussed in the media recently. This campaign – which was referred to by other researchers as Lotus Blossom – is believed to be the work of a nation-state actor due to the nature of the stolen information, which is more valuable to countries than either private companies or cybercriminals.” wrote Trend Micro.
In October 2015, the Lotus Blossom group launched a new espionage campaign using fake invitations to Palo Alto Networks’ Cybersecurity Summit held in Jakarta, on November 3.