Trusted Design

Attack on French Diplomat Linked to Operation Lotus Blossom

概要

PaloAlto observed a targeted attack in November directed at an individual working for the French Ministry of Foreign Affairs. The attack involved a spear-phishing email sent to a single French diplomat based in Taipei, Taiwan and contained an invitation to a Science and Technology support group event. The actors attempted to exploit CVE-2014-6332 using a slightly modified version of the proof-of-concept (POC) code to install a Trojan called Emissary, which is related to the Operation Lotus Blossom campaign. The TTPs used in this attack also match those detailed in the paper. The targeting of this individual suggests the actors are interested in breaching the French Ministry of Foreign Affairs itself or gaining insights into relations between France and Taiwan.

Created: 2026-02-23

Indicators

• URL - http://ustar5.PassAs.us/default.aspx -
• URL - http://203.124.14.229/default.aspx -
• FileHash-MD5 - 06f1d2be5e981dee056c231d184db908 -
• URL - http://dnt5b.myfw.us/default.aspx -
• hostname - appletree.onthenetas.com -
• FileHash-MD5 - e9f51a4e835929e513c3f30299567abc -
• FileHash-MD5 - 748feae269d561d80563eae551ef7bfd -
• FileHash-MD5 - 6278fc8c7bf14514353797b229d562e8 -
• CVE - CVE-2014-6332 -
• FileHash-MD5 - 9fd6f702763a9840bd1b3a898eb9c62d -
• hostname - dnt5b.myfw.us -
• hostname - ustar5.passas.us -

類似Pulses

• Emissary Trojan/ Operation Lotus Blossom Update (score: 0.69)
• OPERATION LOTUS BLOSSOM (score: 0.66)
• NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan (score: 0.64)
• New Sofacy Attacks Against US Government Agency (score: 0.64)
• Chinese Actors attacks on US Government and EU Media (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る