In early 2017, Kaspersky Lab researchers noted increased activity by an APT called Spring Dragon (also known as LotusBlossom).
The attacks involved new and evolved tools and techniques and targeted countries around the South China Sea. Kaspersky Lab’s experts have published their analysis of the attackers’ toolset over time in order to help organizations better understand the nature of the threat and protect themselves.
Spring Dragon is a long-running threat actor that has been targeting high-profile political, governmental and educational organisations in Asia since 2012. Kaspersky Lab has been tracking the APT for the last few years.
In early 2017, Kaspersky Lab identified renewed attacks in the threat actor’s favoured South China Sea region. According to Kaspersky Lab telemetry, Taiwan had the largest number of attacks followed by Indonesia, Vietnam, the Philippines, Macau, Malaysia, Hong Kong and Thailand. To help organizations better understand and protect against the threat, Kaspersky Lab’s researchers have undertaken a detailed review of 600 Spring Dragon malware samples.
Kaspersky Lab’s overview of Spring Dragon’s tools shows that:
General Manager ANZ, Anastasia Para Rae, says, “Organisations and businesses need to step up and manage risk on reputation and service guarantees. The average loss from a single targeted attack is close to $1,000,000 excluding reputational impact. In the event of a cyberattack, a considerable investment is made for urgent response to improve software and infrastructure. The reverse needs to take place. We must not wait for attacks to happen for us to take precaution.”
GReAT Senior Security Researcher Noushin Shabab adds, “We believe that Spring Dragon is going to continue resurfacing regularly in the Asian region and it's important to be familiar with its tools and techniques. We encourage individuals and businesses to have good Yara rules and other detection mechanisms in place and strongly recommend they use – and regularly audit – a multi-layered approach to security.”
In order to protect your personal or business data from cyberattacks, Kaspersky Lab advises the following: