
New cyber attacks targeting government and military networks in SEA

Zafirah Salim | June 18, 2015
Dubbed “Operation Lotus Blossom”, this campaign dates as far back as three years and involves targets in Hong Kong, Taiwan, Vietnam, the Philippines and Indonesia.

Palo Alto Networks' threat intelligence team, Unit 42, has uncovered a series of potentially state-sponsored cyber attacks targeting government and military organisations in countries across Southeast Asia.

Dubbed "Operation Lotus Blossom", the attacks appear to be an attempt to gain inside information on the operation of nation-states throughout the region. The campaign dates as far back as three years, and involves targets in Hong Kong, Taiwan, Vietnam, the Philippines and Indonesia.

According to the enterprise security company, over 50 separate attacks have been identified in "Operation Lotus Blossom" thus far. All these attacks use a custom-built Trojan, named "Elise", to deliver highly targeted spear-phishing emails and gain an initial foothold on targeted systems.

Unit 42 believes the Elise malware was developed to specifically meet the unique needs of the operation, but is also used in other non-related attacks by the adversary.

The attacks, which display the use of custom-built tools, extensive resources, and persistence across multiple years, suggest a well-funded and organised team is behind them. Given these variables and the nature of the targets, Unit 42 also believes the motivation for the attacks is cyber espionage, and that the actors behind them are associated with or sponsored by a nation-state with strong interests in the regional affairs of Southeast Asia.

"The Trojan backdoor and vulnerability exploits used in Operation Lotus Blossom aren't cutting-edge by today's standards, but these types of attacks can be detrimental if they are successful and give attackers access to sensitive data," said Ryan Olson, intelligence director, Unit 42, Palo Alto Networks.

"The fact that older vulnerabilities are still being used tells us that until organisations adopt a prevention-based mindset and take steps to improve cyber hygiene, cyber attackers will continue to use legacy methods because they still work well," he added.

 
