Chinese APT Billbug deploys new malware toolset in attack on multiple sectors

Posted on by

Chinese cyberespionage group Billbug has revamped its attack toolkit with new malware payloads in a wide-reaching campaign targeting multiple organizations in Southeast Asia. The new tools, which include credential stealers, a reverse shell, and an updated backdoor, were observed in attacks that lasted from August to February.

“Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company,” researchers from Broadcom’s Symantec division wrote in a report on the activity. “In addition to this, the group staged an intrusion against a news agency located in another country in Southeast Asia and an air freight organization located in another neighboring country.”

Billbug, also known in the security industry as Lotus Blossom, Lotus Panda, Bronze Elgin, or Spring Dragon, is a cyberespionage group with suspected ties to the Chinese government that’s focused on obtaining intelligence from other Asian countries. It has been operating since at least 2009, mainly targeting government and military organizations.