Palo Alto Networks Inc (NYSE:PANW), the leader in enterprise security, today shared research that uncovers a series of potentially state-sponsored cyberattacks targeting government and military organizations in countries throughout Southeast Asia.

Discovered by the Palo Alto Networks Unit 42 threat intelligence team and dubbed “Operation Lotus Blossom”, the attacks appear to be an attempt to gain inside information on the operation of nation-states throughout the region.  The campaign dates as far back as three years and involves targets in Hong Kong, Taiwan, Vietnam, the Philippines and Indonesia.

Over 50 separate attacks have been identified in Operation Lotus Blossom. They all use a custom-built Trojan, named “Elise” to deliver highly targeted spear phishing emails and gain an initial foothold on targeted systems. Unit 42 believes the Elise malware was developed to specifically meet the unique needs of the operation, but also is being used in other non-related attacks by the adversary.

The attacks, which display the use of custom-built tools, extensive resources, and persistence across multiple years, suggest a well funded and organized team is behind them. Given these variables and the nature of the targets, Unit 42 believes the motivation for the attacks is cyber espionage and the actors behind them are associated with or sponsored by a nation-state with strong interests in the regional affairs of Southeast Asia.


  • “The Trojan backdoor and vulnerability exploits used in Operation Lotus Blossom aren’t cutting-edge by today’s standards, but these types of attacks can be detrimental if they are successful and give attackers access to sensitive data. The fact that older vulnerabilities are still being used tells us that until organizations adopt a prevention-based mindset and take steps to improve cyber hygiene, cyberattackers will continue to use legacy methods because they still work well.”
    –    Ryan Olson, intelligence director, Unit 42, Palo Alto Networks

The Unit 42 team discovered the Lotus Blossom campaign using the recently announced Palo Alto Networks AutoFocus service, which allowed the team’s security analysts to correlate and interrogate security events from over 6,000 WildFire subscribers and other threat intelligence sources. These attacks are automatically prevented for all Palo Alto Networks Threat Prevention and WildFire subscribers. Others are encouraged to check their networks for signs of intrusion and add relevant indicators to their security controls, all of which are detailed in the full report. (Original Source)

Shares of Palo Alto Networks closed yesterday at $176.84. PANW has a 1-year high of $177.40 and a 1-year low of $73.12. The stock’s 50-day moving average is $160.64 and its 200-day moving average is $140.40.

On the ratings front, Palo Alto Networks has been the subject of a number of recent research reports. In a report issued on June 2, Guggenheim analyst Ryan Hutchinson initiated coverage with a Buy rating on PANW and a price target of $200, which implies an upside of 13.1% from current levels. Separately, on May 29, Imperial’s Michael W. Kim reiterated a Buy rating on the stock and has a price target of $185.

According to, which ranks over 7,500 financial analysts and bloggers to gauge the performance of their past recommendations, Ryan Hutchinson and Michael W. Kim have a total average return of 22.6% and 9.4% respectively. Hutchinson has a success rate of 67.9% and is ranked #416 out of 3629 analysts, while Kim has a success rate of 100.0% and is ranked #2526.

The street is mostly Bullish on PANW stock. Out of 13 analysts who cover the stock, 11 suggest a Buy rating and 2 recommend to Hold the stock. The 12-month average price target assigned to the stock is $182.00, which represents a slight upside potential from current levels.

Palo Alto Networks Inc offers an enterprise network security platform that allows enterprises, service providers, and government entities to secure their networks and safely enable applications running on their networks.