Full Report
Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.
Analysis Summary
# Threat Actor: OceanLotus
## Attribution & Identity
* **Name:** OceanLotus
* **Aliases:** APT32, SeaLotus, Canvas Cyclone
* **Origin:** Associated with Vietnam-aligned interests.
* **Associations:** Historically linked to sophisticated cyber-espionage operations targeting government entities and private corporations globally.
## Activity Summary
Kaspersky researchers identified a campaign in late 2024/early 2025 involving the distribution of malicious Python "wheel" packages via the PyPI repository. These packages targeted both Windows and Linux environments. The initial compromise stage involves a dropper that delivers a multi-stage malware dubbed **ZiChatBot**, which functions as a reconnaissance tool and backdoor.
## Tactics, Techniques & Procedures
* **Supply Chain Attack:** Uploading malicious wheel packages to PyPI to compromise developers and automated build systems that install them.
* **Multi-Stage Execution:** Use of short loader scripts to fetch secondary payloads.
* **Cross-Platform Targeting:** Payloads tailored for both Windows (PE files) and Linux (ELF files).
* **Evasion:** Use of legitimate-looking package names and metadata to blend in with valid Python libraries.
* **Dynamic Payload Retrieval:** Loading malware directly from remote servers to minimize the on-disk footprint of the initial package.
* **MITRE ATT&CK IDs:**
    * T1195.001: Supply Chain Compromise: Malware Tools
    * T1105: Ingress Tool Transfer
    * T1059: Command and Scripting Interpreter (Python)
    * T1083: File and Directory Discovery
## Targeting
* **Sectors:** Technology, Software Development, and potentially any sector utilizing Python-based infrastructure.
* **Geography:** Global (via PyPI), with a historical focus on Southeast Asian interests.
* **Victims:** Users and automated systems downloading specific malicious Python packages.
## Tools & Infrastructure
* **Malware Families:**
    * **ZiChatBot:** A backdoor and reconnaissance tool used for post-exploitation.
    * **Custom Droppers:** Python-based loaders contained within wheel packages.
* **Infrastructure:**
    * C2/Download Domain: `api.zichat[.]org`
    * C2/Download Domain: `cdn.zichat[.]org`
    * IP Address: `152[.]42[.]236[.]180`
## Implications
OceanLotus continues to evolve by adopting modern supply chain attack vectors. By targeting the Python ecosystem, the actor moves upstream to compromise development environments, potentially leading to the infection of software products or corporate servers. This signifies a shift from traditional phishing toward more technical distribution methods that bypass standard email security perimeters.
## Mitigations
* **Software Composition Analysis (SCA):** Implement tools to audit Python dependencies and identify known malicious packages.
* **Package Pinning:** Use `requirements.txt` with specific hashes (SHA-256) to ensure only verified versions of packages are installed.
* **Environment Isolation:** Run builds and Python scripts in restricted containers or virtual environments with limited network egress.
* **Egress Filtering:** Block connections to known malicious domains such as `zichat[.]org`.
* **Internal Mirroring:** Use private package repositories (like Artifactory or devpi) to vet packages before making them available to developers.
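The following is an added example (not Kaspersky's tooling and not part of the original report) of a pre-install gate that combines two of the mitigations above: it checks a candidate wheel against the SHA-256 hashes pinned in a `requirements.txt` using pip's `--hash=sha256:<hex>` syntax, and it scans every member of the wheel archive for the three network indicators listed under Tools & Infrastructure (refanged so they match what a loader script would actually contain). The package name `examplepkg`, the `build_sample_wheel` helper and the loader string it is fed are constructed for the demonstration.

```python
"""Pre-install gate for Python wheels (added example, not the report's own code).

1. Verify the wheel's SHA-256 against hashes pinned in requirements.txt.
2. Scan the archive's members for the network indicators from the report.
"""
import hashlib
import io
import re
import zipfile

# Indicators taken from the report, refanged so they match raw loader text.
INDICATORS = ["api.zichat.org", "cdn.zichat.org", "152.42.236.180"]

# Constructed loader content used only to exercise the scanner (not real malware).
CONSTRUCTED_LOADER = "UPDATE_URL = 'https://cdn.zichat.org/update'\n"


def normalize(name: str) -> str:
    """Normalize a distribution name the way pip does (PEP 503)."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pinned_hashes(requirements_text: str) -> dict:
    """Map each requirement name to the set of allowed sha256 hex digests.

    Handles pip's backslash line continuations, comments, and several
    --hash options on one requirement.
    """
    pinned = {}
    logical = requirements_text.replace("\\\n", " ")
    for line in logical.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, comment, or an option line such as --index-url
        parts = line.split()
        name = re.split(r"[=<>!~\[ ;]", parts[0], maxsplit=1)[0]
        hashes = {
            p.split("sha256:", 1)[1].lower()
            for p in parts[1:]
            if p.startswith("--hash=sha256:")
        }
        pinned.setdefault(normalize(name), set()).update(hashes)
    return pinned


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_matches_pin(pinned: dict, name: str, data: bytes) -> bool:
    """Fail closed: an unpinned package or a hash-less pin is rejected."""
    allowed = pinned.get(normalize(name), set())
    return bool(allowed) and sha256_hex(data) in allowed


def scan_wheel_for_indicators(wheel_bytes: bytes) -> list:
    """Return (member, line_number, indicator) for every IoC hit in the archive."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for member in zf.namelist():
            if member.endswith("/"):
                continue
            text = zf.read(member).decode("utf-8", errors="replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                for ioc in INDICATORS:
                    if ioc in line:
                        hits.append((member, lineno, ioc))
    return hits


def gate_install(requirements_text: str, name: str, wheel_bytes: bytes) -> tuple:
    """Return (allowed, reasons). Allowed only if the hash pins and no IoC is found."""
    reasons = []
    if not hash_matches_pin(parse_pinned_hashes(requirements_text), name, wheel_bytes):
        reasons.append("sha256 does not match a pinned hash (or no hash is pinned)")
    for member, lineno, ioc in scan_wheel_for_indicators(wheel_bytes):
        reasons.append(f"indicator {ioc} found in {member}:{lineno}")
    return (not reasons, reasons)


def build_sample_wheel(init_source: str) -> bytes:
    """Constructed minimal wheel-shaped zip for the demo (not a published package)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("examplepkg/__init__.py", init_source)
        zf.writestr("examplepkg-1.0.dist-info/METADATA",
                    "Metadata-Version: 2.1\nName: examplepkg\nVersion: 1.0\n")
        zf.writestr("examplepkg-1.0.dist-info/WHEEL", "Wheel-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_sample_wheel("VERSION = '1.0'\n")
    requirements = f"examplepkg==1.0 \\\n    --hash=sha256:{sha256_hex(clean)}\n"
    print("clean wheel:", gate_install(requirements, "ExamplePkg", clean))
    tampered = build_sample_wheel(CONSTRUCTED_LOADER)
    print("tampered wheel:", gate_install(requirements, "examplepkg", tampered))
```

The hash check mirrors what `pip install --require-hashes` enforces, so the gate rejects a substituted wheel even before the indicator scan runs; the scan is a last line of defence for the case where a pin was updated to a tampered release. Indicator matching on plain strings will not catch an encoded or string-built domain, so it should complement, not replace, egress filtering on the listed infrastructure.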