← All Threat Actors
Threat Actor Profile

Lotus Blossom

ATK 1 ATK 78 Bilbug CTG-8171 DRAGONFISH G0030 Lotus Panda RADIUM Raspberry Typhoon Spring Dragon Thrip
▲ High Threat
[Lotus Blossom](https://attack.mitre.org/groups/G0030) is a long-standing threat group largely targeting various entities in Asia since at least 2009. In addition to government and related targets, [Lotus Blossom](https://attack.mitre.org/groups/G0030) has also targeted entities such as digital certificate issuers.(Citation: Lotus Blossom Jun 2015)(Citation: Symantec Bilbug 2022)(Citation: Cisco LotusBlossom 2025)
Origin

Known TTPs

System Network Configuration Discovery
Windows Service
Domain Account
Local Data Staging
Access Token Manipulation
Local Account
Internal Proxy
Steal Web Session Cookie
Modify Registry
System Network Connections Discovery
Windows Management Instrumentation
Domain Trust Discovery
Internet Connection Discovery
Multi-hop Proxy
Tool
Remote System Discovery
File and Directory Discovery
Archive via Custom Method
Archive via Utility
Network Service Discovery
Query Registry

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD