← Back to Actors
Lotus Blossom
Lotus BlossomDRAGONFISHSpring DragonRADIUMRaspberry TyphoonBilbugThrip
[Lotus Blossom](https://attack.mitre.org/groups/G0030) is a long-standing threat group largely targeting various entities in Asia since at least 2009. In addition to government and related targets, [Lotus Blossom](https://attack.mitre.org/groups/G0030) has also targeted entities such as digital certificate issuers.(Citation: Lotus Blossom Jun 2015)(Citation: Symantec Bilbug 2022)(Citation: Cisco LotusBlossom 2025)
21
Techniques
20
Covered
1
Gaps
95%
Coverage
Coverage20/21
COVERED (20)
T1012Query Registry22 det.T1016System Network Configuration Discovery35 det.T1016.001Internet Connection Discovery6 det.T1018Remote System Discovery46 det.T1046Network Service Discovery49 det.T1047Windows Management Instrumentation85 det.T1049System Network Connections Discovery21 det.T1074.001Local Data Staging10 det.T1083File and Directory Discovery48 det.T1087.001Local Account32 det.T1087.002Domain Account55 det.T1090.001Internal Proxy10 det.T1090.003Multi-hop Proxy8 det.T1112Modify Registry197 det.T1134Access Token Manipulation24 det.T1482Domain Trust Discovery38 det.T1539Steal Web Session Cookie12 det.T1543.003Windows Service79 det.T1560.001Archive via Utility24 det.T1588.002Tool13 det.