Threat actor · all actors
Lotus BlossomG0030 state
🇨🇳 CN
aka Lotus Blossom, DRAGONFISH, Spring Dragon, RADIUM, Raspberry Typhoon, Bilbug, Thrip, LOTUS PANDA, ST Group, BRONZE ELGIN, ATK1, G0030, Red Salamander, Billbug
Last updated: 2026-07-03
1attributed CVEs
27ATT&CK techniques
3.6IDF score (tooling uniqueness)
0exclusive CVEs
2010–2022years active
About this actor
[Lotus Blossom](https://attack.mitre.org/groups/G0030) is a long-standing threat group largely targeting various entities in Asia since at least 2009. In addition to government and related targets, [Lotus Blossom](https://attack.mitre.org/groups/G0030) has also targeted entities such as digital certificate issuers.(Citation: Lotus Blossom Jun 2015)(Citation: Symantec Bilbug 2022)(Citation: Cisco LotusBlossom 2025)
Source: MITRE ATT&CK
Activity timeline
- 2022 — 1 KEV added
- 2010 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
CVE-2010-2883 KEV | 10.0 | 7.3 | 0.9607 | 2010-09-09 | see CVE |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
CM-6 | 12 / 27 | 44% |
CM-7 | 11 / 27 | 41% |
SI-4 | 11 / 27 | 41% |
CM-2 | 10 / 27 | 37% |
SI-3 | 8 / 27 | 30% |
AC-3 | 7 / 27 | 26% |
SC-7 | 7 / 27 | 26% |
AC-6 | 6 / 27 | 22% |
CA-7 | 6 / 27 | 22% |
RA-5 | 6 / 27 | 22% |
AC-2 | 5 / 27 | 19% |
AC-4 | 5 / 27 | 19% |
IA-2 | 5 / 27 | 19% |
AC-5 | 4 / 27 | 15% |
CM-5 | 4 / 27 | 15% |
Co-occurring actors
- Scarlet Mimic 1 shared CVEs
Similar actors
Similar TTPs
- FunnyDream 0.21
- Operation CuckooBees 0.21
- Volt Typhoon 0.20
- FIN13 0.20
- Operation Wocao 0.20
Overlapping CVEs
- Scarlet Mimic 0.33
Active in same years
- APT29 2.00
- Naikon 2.00
- Equation 2.00
- Threat Group-3390 2.00
- Scarlet Mimic 2.00
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- Operation Wocao 1.00
- C0017 1.00
- Cutting Edge 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00