#OceanLotus
OceanLotus Hacker Group Targets Xinchuang IT Ecosystems https://packetstorm.news/news/view/39743 #news
December 8, 2025 at 5:01 PM
OceanLotus Hacker Group Targeting Xinchuang IT Ecosystems to Launch Supply Chain Attacks
cybersecuritynews.com
December 8, 2025 at 11:18 AM
OceanLotus Hacker Group Targeting Xinchuang IT Ecosystems to Launch Supply Chain Attacks The OceanLotus hacker group, widely tracked as APT32, has initiated a highly targeted surveillance campaign ...

#Cyber #Security #News #Threats #cyber #security #cyber #security #news

OceanLotus Hacker Group Targeting Xinchuang IT Ecosystems to Launch Supply Chain Attacks
APT32 is targeting China’s Xinchuang ecosystem, exploiting domestic IT systems to infiltrate sensitive state and industrial networks.
cybersecuritynews.com
December 8, 2025 at 1:27 PM
3/3
Researchers warn Transparent Tribe is expanding cross-platform espionage ops alongside Bitter, SideWinder, and OceanLotus, marking an escalating South Asian cyber arms race. #CyberSecurity #APT #ThreatIntel
October 27, 2025 at 8:52 AM
APT | 海莲花组织Havoc远控木马分析 - APT | Analysis of the OceanLotus Havoc Remote Access Trojan
mp.weixin.qq.com
October 11, 2025 at 5:39 PM
疑似APT-C-00(海莲花)投递Havoc木马 - Suspected APT-C-00 (OceanLotus) delivering the Havoc Trojan
mp.weixin.qq.com
September 20, 2025 at 2:10 PM
1/3
🚨 A new campaign dubbed DarkSamural—a subspecies of OceanLotus—has targeted high-value orgs in Pakistan. Using malicious LNK & MSC files with GrimResource, attackers delivered multi-stage payloads to steal data. Researchers now link it to Patchwork.
#Cybersecurity #DarkSamural #APT #Infosec
September 10, 2025 at 11:13 AM
DarkSamural APT Group Deploys LNK/PDF Malware to Steal Critical Information DarkSamural, a newly identified subspecies of the notorious OceanLotus APT, has launched a sophisticated campaign targeti...

#APT #Cyber #cyber #Security #security #Cyber #Security #News #Malware #DarkSamural

DarkSamural APT Group Deploys LNK/PDF Malware to Steal Critical Information
DarkSamural, a newly identified subspecies of the notorious OceanLotus APT, has launched a sophisticated campaign targeting high-value organizations in Pakistan.
gbhackers.com
September 10, 2025 at 6:56 AM
Operation (Giỗ Tổ Hùng Vương) Hurricane: New OceanLotus Group Revealed in Espionage Campaigns securityonline.info/operation-gi...
Operation (Giỗ Tổ Hùng Vương) Hurricane: New OceanLotus Group Revealed in Espionage Campaigns
Learn about the sophisticated cyber-espionage tactics of the New OceanLotus group. Discover how they target critical sectors with advanced techniques and leverage zero-day vulnerabilities.
securityonline.info
January 23, 2025 at 6:47 AM
-DrugHub leaks real IP addresses
-Fake Fortinet leak installs malware
-Spam bomb campaigns lead to ransomware
-New Murdoc botnet
-More details on the US' alleged hacks in China
-DPRK's Operation 99 campaign
-New FakeTicketer APT targets victims with sporting event tickets
-OceanLotus comeback
January 22, 2025 at 1:52 PM
OceanLotus attacks Chinese cybersecurity personnel with a malicious Cobalt Strike plugin | Codebook|Security News https://codebook.machinarecord.com/threatreport/36951/
January 18, 2025 at 8:29 AM
#OceanLotus

103.91.67.74:4443 (Malaysia IP)
UnTrusted Certificate:
Organization:The Visiting Nurse Association of Texas
CommonName:atlas.vnatexas[.org
threatbook.io/ip/103.91.67.74

Credit:
x.com/blackorbird/...
x.com
December 3, 2024 at 3:52 PM
Group-IB uncovers #LotusBane, an advanced threat actor using sophisticated methods like DLL side-loading for potato espionage in Vietnam. Similarities with OceanLotus raise concerns.
themashernews.com/2024/03/new-...
#potatosecurity #mashing
March 6, 2024 at 9:42 PM
Group-IB uncovers #LotusBane, an advanced threat actor using sophisticated methods like DLL side-loading for cyber espionage in Vietnam. Similarities with OceanLotus raise concerns.
thehackernews.com/2024/03/new-...
#cybersecurity #hacking
New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities
Lotus Bane APT targets Vietnamese financial entity, first detected in March 2023.
thehackernews.com
March 6, 2024 at 8:33 PM
One of the highlights is that moment when QiAnXin, a Chinese cyber security firm, finds out that APT-Q-77 (its nickname for APT29) impersonated QiAnXin in a phishing campaign presumably alerting about another threat, OceanLotus
February 14, 2024 at 5:36 PM
Moving upstream to lures we see hits from:

DADJOKE
FerociousKitten
MustangPanda
OceanLotus

cerebro: https://github.com/stairwell-inc/threat-research/pull/7

also a hit on reverse mutation from Deceptikons / DeathStalker LNK...
Update with hex strings by stvemillertime · Pull Request ...
Added hex function courtesy of glesnewich, and also added...
github.com
December 1, 2024 at 5:51 AM