MENU

The following information was obtained from the different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).

The information provided was classified as Restricted pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129. 

SUMMARY

The Spring Dragon malware is known for spear phishing and watering hole techniques.  It is also known as LotusBlossom.  This group of malware has been running campaigns mostly in countries and territories around the South China Sea as early as 2012, however, new activities by the Advanced Persistent Threat (APT) actor have been tracked recently.

The threat actor behind Spring Dragon has been developing and updating the range of tools throughout the years it has been operational.  It has been noted that the toolset of this malware consists of various backdoor modules with unique characteristics and functionalities.  All the toolset are capable of downloading more files into the victim’s machine, uploading files to the attacker’s servers, and executing any executable file or any command on the victim’s machine.  With these functionalities, the attackers may be able to undertake different malicious activities in the victim’s machine.

The main targets of the attack of the Spring Dragon malware are the sectors and industries to include high-profile governmental organizations, political parties, education institutions and universities, and Telecommunication companies.

RECOMMENDATION

PNP personnel and the public are advised to follow the best practices listed below for security purposes in order to remove malware, once infected:

  • To remove adware: (For Windows OS) Uninstall the adware by removing the application from the Programs and Features list in the Windows Control Panel; (For Mac OS) Use the Finder to locate the Applications, Drag the suspicious file to the Trash and Empty the Trash;
  • Scan and clean your machine using anti-malware and adware cleaner software;
  • Remove malicious add-ons, extensions or plug-ins form your browser; and
  • Restore your internet browser to its default settings.

 

For additional information, please refer to the following websites:

http://www.securityweek.com/over-600-malware-samples-linked-chinese-cyberspy-group

https://securelist.com/spring-dragon-updated-activity/79067/

http://researchcenter.paloaltonetworks.com/2015/06/operation-lotus-blossom/

http://www.trendmicro.com.my/vinfo/my/security/news/cyber-attacks/esile-targeted-attack-campaign-hits-apac-governments http://www.trendmicro.com.my/vinfo/my/security/news/cyber-attacks/esile-targeted-attack-campaign-hits-apac-governments

 

 

POINT OF CONTACT

 

Please contact PCINSP ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section thru email address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.