{"id":229208,"date":"2026-01-17T02:17:17","date_gmt":"2026-01-17T08:17:17","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/01\/lotuslite-backdoor-targets-u-s-policy-entities-using-venezuela-themed-spear-phishing"},"modified":"2026-01-17T02:17:17","modified_gmt":"2026-01-17T08:17:17","slug":"lotuslite-backdoor-targets-u-s-policy-entities-using-venezuela-themed-spear-phishing","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/01\/lotuslite-backdoor-targets-u-s-policy-entities-using-venezuela-themed-spear-phishing","title":{"rendered":"LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/lotuslite-backdoor-targets-u-s-policy-entities-using-venezuela-themed-spear-phishing2.jpg\"><\/a><\/p>\n<p>Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as <strong>LOTUSLITE<\/strong>.<\/p>\n<p>The targeted malware campaign leverages decoys related to the <a href=\"https:\/\/en.wikipedia.org\/wiki\/2026_United_States_intervention_in_Venezuela\" rel=\"noopener\" target=\"_blank\">recent geopolitical developments<\/a> between the U.S. and Venezuela to distribute a ZIP archive (\u201cUS now deciding what\u2019s next for Venezuela.zip\u201d) containing a malicious DLL that\u2019s launched using DLL side-loading techniques. It\u2019s not known if the campaign managed to successfully compromise any of the targets.<\/p>\n<p>The activity has been attributed with moderate confidence to a Chinese state-sponsored group known as <a href=\"https:\/\/thehackernews.com\/2025\/12\/mustang-panda-uses-signed-kernel-driver.html\" rel=\"noopener\" target=\"_blank\">Mustang Panda<\/a> (aka Earth Preta, HoneyMyte, and Twill Typhoon), based on tactical and infrastructure patterns. 
It\u2019s worth noting that the threat actor is known for extensively relying on DLL side-loading to launch its backdoors, including TONESHELL.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE. The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S. and Venezuela to distribute a ZIP archive (\u201cUS now deciding what\u2019s next [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1490,31],"tags":[],"class_list":["post-229208","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-government","category-policy"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/229208","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=229208"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/229208\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=229208"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=229208"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=229208"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}