Category: Reverse

Taking your threat intelligence seriously

The Intriguing Lotus: A Deep Dive into Sagerunex

First post of the year — I wish you all a happy New Year. Habits die hard, so to inaugurate 2026, I have chosen to write about another (likely) China-linked APT. Lotus Blossom, also known as Red Salamander, Lotus Panda, or Billbug, is an intrusion set active since at least 2009. While several pieces of…
Read more

How Long Can a Vulnerable Server Stay Clean on the Internet? A Honeypot Tale

I am often asked how long an exposed machine can remain connected before being targeted. Just the other day, I was reviewing the initial results of a honeypot I had set up only minutes earlier when I noticed the first exploitation attempts. And, of course, it was a cryptominer. First stage In this case, the…
Read more

Unveiling Sharp Panda’s New Loader

Checkpoint recently published a report on Sharp Panda, mentioning an extension of its victimology as well as the utilization of a new dropper to deploy the 5.t framework. To avoid confusion with other vendors' naming, Checkpoint decided to rename Sharp Panda to Sharp Dragon. Associated in open sources with China, this intrusion set is mostly…
Read more

Analysis of Sarwent loader: Old ways die hard

A few days ago, I saw a tweet from malware C2 hunter Viriback (kudos for all your great work) mentioning the Sarwent loader. This malware appeared at least as early as 2018 and was notably used in a campaign reported by Talos using Amnesty International as a lure in 2021. Since I had never worked on this malware…
Read more