Lotus Blossom, Spring Dragon, Thrip

Mitre

Alias

Lotus Blossom, Spring Dragon, Dragonfish, Billbug, Thrip, Bronze Elgin, CTG-8171, ATK 1, ATK 78

Country

China

Sponsor

State-sponsored

Motivation

Information theft and espionage

First Seen

2012

Description

(Kaspersky) Spring Dragon is a long running APT actor that operates on a massive scale. The group has been running campaigns, mostly in countries and territories around the South China Sea, since as early as 2012. The main targets of Spring Dragon attacks are high profile governmental organizations and political parties, education institutions such as universities, as well as companies from the telecommunications sector.

Spring Dragon is known for spear phishing and watering hole techniques and some of its tools have previously been analyzed and reported on by security researchers, including Kaspersky Lab.

Operation Poisoned News, TwoSail Junk may be one of their campaigns.

Targeted Industries

Aerospace, Defense, Education, Government, High-tech, Satellites, Telecommunications

Targeted Countries

ASEAN, Brunei, Cambodia, Hong Kong, Indonesia, Japan, Laos, Macao, Malaysia, Myanmar, Philippines, Singapore, Taiwan, Thailand, USA, Vietnam

Tools

Catchamas
Elise
Emissary
gpresult
Hannotog
Mimikatz
PsExec
Rikamanu
Sagerunex
Spedear
WMI Ghost
Living Off The Land

TTP

Nil

Operations Performed

[2015-06] Operation "Lotus Blossom": Today Unit 42 published new research identifying a persistent cyber espionage campaign targeting government and military organizations in Southeast Asia. The adversary group responsible for the campaign, which we named "Lotus Blossom," is well organized and likely state-sponsored, with support from a country that has interests in Southeast Asia. The campaign has been in operation for some time; we have identified over 50 different attacks taking place over the past three years. (https://unit42.paloaltonetworks.com/operation-lotus-blossom/)

[2015-11] Attack on French diplomat: We observed a targeted attack in November directed at an individual working for the French Ministry of Foreign Affairs. The attack involved a spear-phishing email sent to a single French diplomat based in Taipei, Taiwan and contained an invitation to a Science and Technology support group event. (https://unit42.paloaltonetworks.com/attack-on-french-diplomat-linked-to-operation-lotus-blossom/)

[2017 Early] In the beginning of 2017, Kaspersky Lab became aware of new activities by an APT actor we have been tracking for several years called Spring Dragon (also known as LotusBlossom). Information about the new attacks arrived from a research partner in Taiwan and we decided to review the actor's tools, techniques and activities. Using Kaspersky Lab telemetry data we detected the malware in attacks against some high-profile organizations around the South China Sea. (https://securelist.com/spring-dragon-updated-activity/79067/)

[2018-01] Attacks on Association of South East Asian Nations (ASEAN) countries: During the last weeks of January (2018), nation state actors from Lotus Blossom conducted a targeted malware spam campaign against the Association of South East Asian Nations (ASEAN) countries. (https://community.rsa.com/community/products/netwitness/blog/2018/02/13/lotus-blossom-continues-asean-targeting) (https://www.accenture.com/t20180127t003755z_w_/us-en/_acnmedia/pdf-46/accenture-security-dragonfish-threat-analysis.pdf)

[2018-01] Back in January 2018, TAA triggered an alert at a large telecoms operator in Southeast Asia. (https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets)

[2018-06] Since Symantec first exposed the Thrip group in 2018, the stealthy China-based espionage group has continued to mount attacks in South East Asia, hitting military organizations, satellite communications operators, and a diverse range of other targets in the region. (https://www.symantec.com/blogs/threat-intelligence/thrip-apt-south-east-asia)

[2022-03] Billbug: State-sponsored actor targets cert authority, government agencies in multiple Asian countries (https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments-cert-authority)

Counter Operations

Nil

Information

nil