Active in advanced hacks since 2009, APT Billbug (aka Lotus Blossom, Thrip) is still going strong

guest · Nov 16, 2022

China-linked APT Billbug breached a certificate authority in Asia
By Pierluigi Paganini - November 15, 2022

State-sponsored actors compromised a digital certificate authority in a country in Asia as part of a cyber espionage campaign aimed at multiple government agencies in the region, Symantec warns.
Click to expand...

Symantec attributes the attack to a China-linked cyberespionage group tracked as Billbug (aka Lotus Blossom, Thrip). The attribution is based on the use of tools previously attributed to this APT group.

n 2019 Symantec researchers reported that the group was using the backdoors Hannotog (Backdoor.Hannotog) and Sagerunex (Backdoor.Sagerunex), which were both used in the recent campaign.

“The victims in this campaign included a certificate authority, as well as government and defense agencies.” reads the report published by Symantec. “All the victims were based in various countries in Asia. Billbug is known to focus on targets in Asian countries. In at least one of the government victims, a large number of machines on the network were compromised by the attackers.”
Click to expand...

Symantec: Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries

November 15, 2022
Campaign has been ongoing for at least the last six months.
State-sponsored actors compromised a digital certificate authority in an Asian country during a campaign in which multiple government agencies were also targeted.

The victims in this campaign included a certificate authority, as well as government and defense agencies. All the victims were based in various countries in Asia. Billbug is known to focus on targets in Asian countries. In at least one of the government victims, a large number of machines on the network were compromised by the attackers.
Click to expand...

Log in or Sign up

Active in advanced hacks since 2009, APT Billbug (aka Lotus Blossom, Thrip) is still going strong

guest Guest

Log in or Sign up

Active in advanced hacks since 2009, APT Billbug (aka Lotus Blossom, Thrip) is still going strong

guest Guest

Useful Searches