Intrusions with new Sagerunex backdoor versions have been launched by suspected Chinese threat operation Lotus Panda against telecommunications, government, manufacturing, and media organizations in Hong Kong, Taiwan, Vietnam, and the Philippines, The Hacker News reports.After obtaining initial access through yet to be determined means, Lotus Panda — also known as Lotus Blossom, Billbug, Bronze Elgin, Spring Dragon, and Thrip — deployed a pair of beta Sagerunex malware variants that exploit Zimbra, Dropbox, and X for more covert encryption and exfiltration of host details, with the Zimbra iteration of the payload also facilitating the usage of Zimbra mail content for command execution, according to an analysis from Cisco Talos.Attacks also involved the delivery of the open-source Venom proxy utility to connect isolated devices to internet-exposed systems, a Chrome credential-targeting cookie stealer, a privilege adjustment tool, and data compression and encryption software, as well as the execution of commands enabling reconnaissance efforts, said Cisco Talos researchers.