A cyberespionage campaign dubbed “Operation Lotus Blossom” has carried out more than 50 attacks against government and military organizations across Southeast Asia over the last three years, according to researchers from Palo Alto Networks's Unit 42.
The attackers used spearphishing emails that typically included a decoy file and exploit code for a well-known Microsoft Office vulnerability, CVE-2012-0158 as its primary attack vector, according to a report released by the researchers on Tuesday. Once downloaded, a Trojan backdoor named “Elise” gave Lotus Blossom its initial foothold into the network. After that, the decoy file appears, tricking users into thinking the file opened correctly.
The campaign is believed to be state-sponsored entity because the information targeted in the attacks is most valuable to other nation states rather than to criminal actors, the report said.