Introduction
Lotus Blossom is a long-standing threat group that has largely targeted entities in Asia since at least 2009. In addition to government and related targets, Lotus Blossom has also targeted entities such as digital certificate issuers. (Lotus Blossom Jun 2015; Symantec Bilbug 2022; Cisco LotusBlossom 2025)
Activities and Tactics
Targeted Sectors: Private sector
Country of Origin: 🇨🇳 China
Incident Type: Espionage
Suspected Victims: United States
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
Information pending cataloguing.
Attribution and Evidence
Country of Origin: China
Additional attribution information pending cataloguing.
References
[1] MITRE ATT&CK entry
[2] Lotus Blossom Jun 2015
[3] Symantec Bilbug 2022
[4] Cisco LotusBlossom 2025