Palo Alto Networks has uncovered a series of potentially state-sponsored cyber attacks targeting government and military organizations in countries throughout Southeast Asia.
The attacks were discovered by the Palo Alto Networks Unit 42 threat intelligence team and dubbed as Operation Lotus Blossom and over 50 separate attacks have been identified in the operation.
According to the company, the attacks attempt to gain inside information on the operation of nation-states throughout the region.
The campaign dates as far back as three years and involves targets in Hong Kong, Taiwan, Vietnam, the Philippines and Indonesia.
All the attacks use a custom-built Trojan, Elise, to deliver highly targeted spear phishing emails and gain an initial foothold on targeted systems.
The threat intelligent team believes the Elise malware was developed to meet the unique needs of the operation and also is being used in other non-related attacks.
Additionally, the attacks display the use of custom-build tools, extensive resources and persistence across multiple years; also suggest a funded and organized team is behind them.
Security analyst can correlate and interrogate security events from over 6,000 WildFire subscribers and other threat intelligence sources.
The attacks are automatically prevented for all Palo Alto Networks Threat Prevention and WildFire subscribers.
Few days ago, Palo Alto Networks enhanced security platform to safely enable applications and prevent cyber breaches.
Last month, Palo Alto Networks acquired CirroSecure to strengthen SaaS application security offering.
Shilpa Khatri
