VERY IMPORTANT

A targeted malware campaign against U.S. government entities has been observed, utilizing a politically themed ZIP archive containing a loader executable and a malicious DLL. The DLL functions as a backdoor named LOTUSLITE, communicating with a hard-coded command-and-control server. The campaign demonstrates minimal technical sophistication but shows deliberate victim selection and use of geopolitical lures. Attribution analysis suggests moderate-confidence overlap with Mustang Panda tradecraft, including delivery style, loader-DLL separation, and infrastructure usage. The backdoor supports basic remote tasking and data exfiltration, indicating an espionage-focused capability. This activity reflects a trend of targeted spear phishing using geopolitical themes and reliable execution techniques like DLL sideloading.