OceanLotus

Pierluigi Paganini July 02, 2019
After 2 years under the radars, Ratsnif emerges in OceanLotus ops

Security experts spotted a news wave of attacks carried out by the OceanLotus APT group that involved the new Ratsnif Trojan. Experts at the security firm Cylance detected a new RAT dubbed Ratsnif that was used in cyber espionage operations conducted by the OceanLotus APT group. The OceanLotus APT group, also known as APT32 or Cobalt Kitty, is state-sponsored group that […]

Pierluigi Paganini April 03, 2019
OceanLotus APT group leverages a steganography-based loader to deliver backdoors

The OceanLotus APT group, also known as APT32 or Cobalt Kitty, leverages a steganography-based loader to deliver backdoors on compromised systems. Security researchers at Cylance discovered that the OceanLotus APT (also known as APT32 or Cobalt Kitty, group is using a loader leveragingsteganography to deliver a version of Denes backdoor and an updated version of […]

Pierluigi Paganini March 14, 2018
OceanLotus APT is very active, it used new Backdoor in recent campaigns

The OceanLotus APT group, also known as APT32 and APT-C-00, has been using a new backdoor in recently observed attacks. The OceanLotus Group has been active since at least 2013, according to the experts it is a state-sponsored hacking group linked to Vietnam, most of them in Vietnam, the Philippines, Laos, and Cambodia. The hackers targeting […]

Pierluigi Paganini December 12, 2017
The OceanLotus MacOS Backdoor Transforms into HiddenLotus with a Slick UNICODE Trick

Experts at Malwarebytes warns of a new variant of the macOS OceanLotus backdoor is using an innovative technique to avoid detection, A few years ago the bad actors realized they could use UNICODE characters that looked like English characters to lead unsuspecting victims to malicious websites. Now, they have figured out how to use a […]

Pierluigi Paganini February 18, 2016
A sophisticated variant of OceanLotus trojan targets OS X systems

In May 2015, the Chinese security firm Qihoo 360 published a report on a Trojan called OceanLotus that was being used since 2012 for APT attacks in the Chinese market. The APT attacks based  on the OceanLotus focused on government organizations, research institutes, maritime agencies, and companies specializing in other activities. At the time were […]