Spring Dragon

Threat Actor Profile Updated 3 months ago
Download STIX
Preview STIX
Spring Dragon, a threat actor known for its malicious activities, has been active for several years and has targeted organizations in various locations globally, including Vietnam (VN), Taiwan (TW), the Philippines (PH), and other areas. Its primary victims are defense subcontractors and government-related entities. This group's tactics are not limited to conventional spearphishing methods using the somewhat antiquated CVE-2012-0158 exploits; they also employ more innovative and complex intrusion techniques. Their operations have been so extensive that Palo Alto Networks released a paper detailing some of their activities under the label "the Lotus Blossom Operation." Interestingly, Spring Dragon's activities in Myanmar have largely gone unreported despite evidence of their infiltration techniques being deployed there. Beyond traditional spearphishing, they have also compromised websites as part of their attack strategy. This shows the group's adaptability and willingness to use a mix of techniques to achieve their objectives. The ongoing attacks by Spring Dragon underscore the persistent cybersecurity threats posed by advanced persistent threat (APT) actors. The group's continued evolution and creativity in delivery techniques highlight the need for robust and adaptive cybersecurity measures. The unique codebase used by this group, referred to as "Elise," has been traced back to at least 2012, indicating a long-standing operation that requires continual monitoring and vigilance from cybersecurity professionals worldwide.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Elise is a malicious software (malware) that is part of the LStudio malware group, which also includes the Emissary Trojan. Both Elise and Emissary share code overlap and utilize a custom algorithm to decrypt their configurations, using the "srand" function to set a seed value for the "rand" functio
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Lotus BlossomUnspecified
Lotus Blossom, also known as Billbug and Thrip, is a threat actor that has been active since 2009, engaging in persistent cyber espionage campaigns primarily targeting government and military organizations in Southeast Asia. The group is notorious for its use of sophisticated delivery techniques and
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
CVE-2012-0158 is a significant vulnerability in the software design and implementation of Microsoft Office, specifically related to the parsing of Rich-text-format (.rtf) files. This flaw was first exploited in spear-phishing attacks where emails contained three different attachments, each exploitin
Source Document References
Information about the Spring Dragon Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
a year ago
The Spring Dragon APT