Sequretek Advisory - China-linked APT Billbug Breached a Certificate Authority

Billbug is a state-sponsored actor that has targeted a certificate authority and government agencies in multiple Asian countries. The campaign has been ongoing since at least March 2022.

• Symantec attributes the attack to a China-linked cyberespionage group tracked as Billbug (aka Lotus Blossom, Thrip), a long-established advanced persistent threat (APT) group that is believed to have been active since at least 2009. The state-sponsored actors compromised a digital certificate authority in an Asian country during a campaign in which multiple government agencies were also targeted.

• In 2019 Symantec researchers reported that the group was using the backdoors Hannotog (Backdoor.Hannotog) and Sagerunex (Backdoor.Sagerunex), which were both used in the recent campaign.

