Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
Summary
Cybersecurity researchers have identified a new variant of the LOTUSLITE malware that is being used in targeted attacks against Indian banks and South Korean policy circles. The malware, distributed using lures themed around India's banking sector, provides backdoor access and supports remote shell, file operations, and session management, indicating a focus on espionage.
IFF Assessment
This is bad news for defenders: a new variant of a sophisticated backdoor is actively targeting critical sectors such as banking and government policy, which points to an evolving threat landscape.
Defender Context
Defenders should be vigilant for phishing attempts or malicious attachments disguised as Indian banking-related information. The sophistication of LOTUSLITE, with its dynamic C2 infrastructure and espionage capabilities, requires robust endpoint detection and response, network traffic analysis, and strong user awareness training.