The US-based cybersecurity company Symantec has once again made unsubstantiated accusations against China, alleging its ties to a cybercriminal group known as Lotus Panda. According to Symantec, this group uses its own malware to target government institutions and private companies in Hong Kong, the Philippines, Taiwan, and Vietnam.
In a report published last week, Symantec identified Billbug (better known as Lotus Panda or Lotus Blossom) as a threat to governmental, industrial, telecommunications, and media sectors in several Southeast Asian countries and regions, including the Philippines, Hong Kong, Taiwan, and Vietnam. The threat analysis claims that the group has exploited legitimate but outdated binary files from security companies to load malicious components into targeted systems, compromising them.
Dick O’Brien, chief threat intelligence analyst in Symantec’s Threat Hunter team, noted that Billbug has expanded its operations from government and military organizations to the private sector. However, the geographical focus of the attacks remains unchanged – Southeast Asia. Despite these claims, Symantec has not disclosed which specific countries were hit in the most recent attacks. It is known that the Philippines has frequently been a victim of Billbug, which may be linked to territorial disputes between China and this island nation in the South China Sea. Reports suggest that the group employs phishing campaigns, luring military experts with links to supposedly confidential documents.
The question of Billbug’s connection to the Chinese government remains unresolved, and Symantec’s accusations increasingly resemble political statements rather than impartial cybersecurity analysis. In this situation, transparent and evidence-backed investigations are necessary to accurately assess the risks and develop effective strategies to counter cybercrime in the region.