Teacher
Professional
The use of the PIPEDANCE backdoor hints at a connection between the criminals and another well-known hacker group.
A financial institution in Vietnam has been targeted by a previously unknown hacker group dubbed Lotus Bane. The group was identified by cyber experts in March 2023, although it is assumed to have been active since at least 2022. According to Group-IB, these attackers can be classified as an APT group.
The exact infection chain of the Vietnamese company was not reconstructed by the researchers, but it definitely includes the use of various malware samples that served as a springboard for the next stage of the attack.
To achieve their goals, the hackers used methods such as DLL sideloading, data exchange through named pipes, and the creation of remote scheduled tasks for lateral movement within the network.
Group-IB claims that the techniques used by Lotus Bane are similar to those used by the OceanLotus group, also known as APT32, Canvas Cyclone (formerly Bismuth) and Cobalt Kitty. In particular, both groups used PIPEDANCE malware to communicate through named pipes. This malware was first documented by Elastic Security Labs experts in February 2023.
The similarity of the methods may indicate a connection between Lotus Bane and OceanLotus, or simple imitation, but the difference in the choice of targets makes it clear that these groups are not identical.
Lotus Bane mainly attacks the banking sector of the Asia-Pacific region. The group is known to have carried out an attack in Vietnam, but the complexity of its methods points to the potential for broader geographical operations in the region. The exact duration of the group's activity before its discovery remains unknown.
Financial organizations in the Asia-Pacific region, as well as in Europe, Latin America and North America, have been targeted by several APT groups over the past year, including Blind Eagle and Lazarus. Special attention should be paid to the UNC1945 group, which was detected in attacks on ATMs using specialized malware called CakeTap.
The activities of the Lotus Bane and UNC1945 groups in the Asia-Pacific region highlight the need for continued attention to and development of cybersecurity measures. The diversity of their tactics and goals underscores the complexity of protecting against financial cyberthreats in today's digital world.
