
A cyber-espionage group tied to China, better known as Lotus Panda, deploys tailor-made malware in attacks on Southeast Asian governments and firms.
Intelligence reports reveal a China-affiliated cyber-espionage group quietly penetrated critical Southeast Asian targets using bespoke malware late last year and into 2025.
A China-linked group known as Billbug—also called Lotus Panda or Lotus Blossom—has been quietly targeting government, telecom, media, and manufacturing sectors across Southeast Asia, using outdated yet legitimate security binaries to smuggle malware into systems, according to Symantec’s latest threat analysis.
Billbug’s cyber campaigns may now reach into the private sector, but their geographic focus remains sharply fixed on Southeast Asia, says Symantec’s Dick O’Brien.
Initially exposed in 2015 by Palo Alto Networks, Billbug (aka Lotus Blossom) has been active since 2012, with operations focused on Southeast Asia, culminating in a 2022 compromise of a regional digital certificate authority.