← Back to Actors
Lotus Blossom
Lotus BlossomDRAGONFISHSpring DragonRADIUMRaspberry TyphoonBilbugThrip
[Lotus Blossom](https://attack.mitre.org/groups/G0030) is a long-standing threat group largely targeting various entities in Asia since at least 2009. In addition to government and related targets, [Lotus Blossom](https://attack.mitre.org/groups/G0030) has also targeted entities such as digital certificate issuers.(Citation: Lotus Blossom Jun 2015)(Citation: Symantec Bilbug 2022)(Citation: Cisco LotusBlossom 2025)
21
Techniques
20
Covered
1
Gaps
95%
Coverage
Coverage20/21
COVERED (20)
T1012Query Registry24 det.T1016System Network Configuration Discovery39 det.T1016.001Internet Connection Discovery6 det.T1018Remote System Discovery50 det.T1046Network Service Discovery51 det.T1047Windows Management Instrumentation87 det.T1049System Network Connections Discovery22 det.T1074.001Local Data Staging10 det.T1083File and Directory Discovery48 det.T1087.001Local Account33 det.T1087.002Domain Account57 det.T1090.001Internal Proxy10 det.T1090.003Multi-hop Proxy9 det.T1112Modify Registry203 det.T1134Access Token Manipulation28 det.T1482Domain Trust Discovery41 det.T1539Steal Web Session Cookie15 det.T1543.003Windows Service79 det.T1560.001Archive via Utility26 det.T1588.002Tool13 det.