Information about attack on French Diplomat
We observed a targeted attack in November directed at an individual working for the French Ministry of Foreign Affairs. The attack involved a spearphishing email sent to a single French diplomat based in Taipei, Taiwan and contained an invitation to a Science and Technology support group event.
We observed a targeted attack in November directed at an individual working for the French Ministry of Foreign Affairs. The attack involved a spearphishing email sent to a single French diplomat based in Taipei, Taiwan and contained an invitation to a Science and Technology support group event.
The actors attempted to exploit CVE20146332 using a slightly modified version of the proofofconcept (POC) code to install a Trojan called Emissary, which is related to the Operation Lotus Blossom campaign. The TTPs used in this attack also match those detailed in the paper. The targeting of this individual suggests the actors are interested in breaching the French Ministry of Foreign Affairs itself or gaining insights into relations between France and Taiwan.
We have created the Emissary tag for AutoFocus users to track this threat.