GEC NEWS WIREPalo Alto Networks Unit 42 Uncovers New Cyberattacks Targeting Government and Military Networks in Southeast Asia
Dark clouds are hovering in countries throughout Southeast Asia due to a series of potentially state-sponsored cyberattacks targeting government and military, according to a research shared by Palo Alto.
Discovered by the Palo Alto Networks Unit 42 threat intelligence team and dubbed “Operation Lotus Blossom”, the attacks appear to be an attempt to gain inside information on the operation of nation-states throughout the region. The campaign dates as far back as three years and involves targets in Hong Kong, Taiwan, Vietnam, the Philippines and Indonesia. Over 50 separate attacks have been identified in Operation Lotus Blossom. They all use a custom-built Trojan, named “Elise” to deliver highly targeted spear phishing emails and gain an initial foothold on targeted systems.
Saeed Agha, General Manager, Palo Alto Networks Middle East, said that the Unit 42 team discovered the Lotus Blossom campaign using the recently announced Palo Alto Networks AutoFocus service, which allowed the team’s security analysts to correlate and interrogate security events from over 6,000 WildFire subscribers and other threat intelligence sources. These attacks are automatically prevented for all Palo Alto Networks Threat Prevention and WildFire subscribers. Others are encouraged to check their networks for signs of intrusion and add relevant indicators to their security controls, all of which are detailed in the full report.
“The Trojan backdoor and vulnerability exploits used in Operation Lotus Blossom aren’t cutting-edge by today’s standards, but these types of attacks can be detrimental if they are successful and give attackers access to sensitive data.” Said Ryan Olson, intelligence director, Unit 42, Palo Alto Networks.
With the AutoFocus service, security practitioners gain instant access to actionable intelligence derived from billions of file analysis artifacts based on the files collected from of over 5,000 global enterprises, service providers, and government organization routinely targeted by advanced, targeted attacks.
