Threat Intelligence

OceanLotus targets stock investors and construction firm with SPECTRALVIPER backdoor

June 11, 2026
By SC Staff

Vietnam-aligned threat actor OceanLotus has been linked to two distinct campaigns targeting domestic entities and stock investors with a backdoor known as SPECTRALVIPER, according to ESET. These campaigns represent a shift in the group's operational focus, with an increasing emphasis on domestic espionage rather than external targets. Further coverage is provided by The Hacker News.

The first campaign involved a cyber espionage operation against a Vietnamese infrastructure and transport construction corporation from November 2024 to February 2026. The second campaign, running from October 2025 to March 2026, was a supply chain attack leveraging FireAnt Metakit, a software platform used by stock investors. This attack exploited the software's update URL to distribute the SPECTRALVIPER backdoor.

The group also targeted the construction firm, likely using remote code execution vulnerabilities, and deployed SPECTRALVIPER via DLL side-loading. SPECTRALVIPER facilitates host reconnaissance, C2 communication, and lateral movement.

OceanLotus, active since 2012, has a history of targeting media, human rights organizations, and dissidents, but these recent activities suggest a strategic adjustment towards domestic targets following past exposure.

Source: The Hacker News