Cyber Resilience

Threat actor · all actors

Lotus BlossomG0030 state

🇨🇳 CN

aka Lotus Blossom, DRAGONFISH, Spring Dragon, RADIUM, Raspberry Typhoon, Bilbug, Thrip, LOTUS PANDA, ST Group, BRONZE ELGIN, ATK1, G0030, Red Salamander, Billbug

Last updated: 2026-07-03

1attributed CVEs
27ATT&CK techniques
3.6IDF score (tooling uniqueness)
0exclusive CVEs
2010–2022years active

About this actor

[Lotus Blossom](https://attack.mitre.org/groups/G0030) is a long-standing threat group largely targeting various entities in Asia since at least 2009. In addition to government and related targets, [Lotus Blossom](https://attack.mitre.org/groups/G0030) has also targeted entities such as digital certificate issuers.(Citation: Lotus Blossom Jun 2015)(Citation: Symantec Bilbug 2022)(Citation: Cisco LotusBlossom 2025)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2010-2883 KEV10.07.30.96072010-09-09see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
CM-612 / 2744%
CM-711 / 2741%
SI-411 / 2741%
CM-210 / 2737%
SI-38 / 2730%
AC-37 / 2726%
SC-77 / 2726%
AC-66 / 2722%
CA-76 / 2722%
RA-56 / 2722%
AC-25 / 2719%
AC-45 / 2719%
IA-25 / 2719%
AC-54 / 2715%
CM-54 / 2715%

Co-occurring actors

Similar actors

Overlapping CVEs

Active in same years

Same nation-state