Executive Summary
In July 2025, the OceanLotus APT group initiated a supply chain attack by uploading malicious Python wheel packages to the Python Package Index (PyPI). These packages, named 'uuid32-utils', 'colorinal', and 'termncolor', acted as droppers for a previously unknown malware family called ZiChatBot, targeting both Windows and Linux platforms. The infection chain involved extracting a DLL or .SO dropper from the wheel package, establishing persistence via registry (Windows) or crontab (Linux), and deploying ZiChatBot. Notably, ZiChatBot utilized Zulip's public REST APIs as its command and control infrastructure, deviating from traditional dedicated servers and complicating detection efforts. The malicious packages were swiftly removed from PyPI, and the associated Zulip organization was deactivated. To date, no confirmed infections have been reported. This campaign underscores OceanLotus's expanding strategy of leveraging supply chain attacks to target a global audience, following a similar GitHub-based phishing campaign earlier in 2025.
Why This Matters Now
The OceanLotus campaign highlights the escalating threat of supply chain attacks targeting open-source ecosystems. As organizations increasingly rely on third-party packages, the risk of malicious code infiltrating trusted repositories grows, emphasizing the need for enhanced vigilance and security measures in software development pipelines.
Attack Path Analysis
The OceanLotus APT group executed a supply chain attack by uploading malicious Python packages to PyPI, leading to the deployment of the ZiChatBot malware. Upon installation, these packages extracted and executed a dropper that deployed ZiChatBot, establishing persistence on the victim's system. ZiChatBot then utilized Zulip's public REST APIs for command and control communication. While specific data exfiltration activities were not observed, the malware's capabilities suggest potential for such actions. The campaign's impact was mitigated by the swift removal of the malicious packages and deactivation of the associated Zulip organization.
Kill Chain Progression
Initial Compromise
Description
Malicious Python packages were uploaded to PyPI, leading to the deployment of the ZiChatBot malware upon installation.
MITRE ATT&CK® Techniques
Supply Chain Compromise: Compromise Software Dependencies and Development Tools
User Execution: Malicious Link
Command and Scripting Interpreter: Python
Hijack Execution Flow: DLL Side-Loading
Application Layer Protocol: Web Protocols
Ingress Tool Transfer
Process Injection: Dynamic-link Library Injection
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure all system components and software are protected from known vulnerabilities by installing applicable security patches
Control ID: 6.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Asset Management
Control ID: 3.1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
PyPI supply chain attack targets Python developers globally, compromising software development environments through malicious packages with ZiChatBot malware deployment capabilities.
Information Technology/IT
IT infrastructure faces critical risk from encrypted traffic exfiltration and lateral movement through compromised Python environments, requiring enhanced egress security controls.
Computer/Network Security
Cybersecurity organizations must implement zero trust segmentation and anomaly detection to prevent OceanLotus APT group's sophisticated supply chain infiltration methods.
Financial Services
Banking sector vulnerable to data exfiltration through compromised Python applications, necessitating strict compliance with PCI DSS and encrypted traffic monitoring requirements.
Sources
- OceanLotus suspected of using PyPI to deliver ZiChatBot malware: https://securelist.com/oceanlotus-suspected-pypi-zichatbot-campaign/119603/
- OceanLotus Adversary Emulation Plan: https://ctid.mitre.org/projects/oceanlotus-adversary-emulation-plan/
- OSX_OCEANLOTUS.D, Software S0352 | MITRE ATT&CK®: https://attack.mitre.org/software/S0352/
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have limited the malware's ability to establish persistence, communicate externally, and exfiltrate data, thereby reducing the attack's overall impact.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The CNSF would likely have constrained the malware's ability to execute unauthorized code upon installation, thereby reducing the risk of initial compromise.
Control: Zero Trust Segmentation
Mitigation: Zero Trust Segmentation would likely have restricted the malware's ability to escalate privileges by limiting its access to critical system components.
Control: East-West Traffic Security
Mitigation: East-West Traffic Security would likely have limited the malware's potential to move laterally, thereby reducing the risk of further system compromise.
Control: Multicloud Visibility & Control
Mitigation: Multicloud Visibility & Control would likely have detected and restricted unauthorized outbound communications, limiting the malware's command and control capabilities.
Control: Egress Security & Policy Enforcement
Mitigation: Egress Security & Policy Enforcement would likely have limited the malware's ability to exfiltrate data, reducing the risk of data loss.
The CNSF would likely have reduced the overall impact by limiting the malware's ability to persist, communicate externally, and exfiltrate data.
Impact at a Glance
Affected Business Functions
- Software Development
- IT Infrastructure Management
- Cybersecurity Operations
Estimated downtime: N/A
Estimated loss: N/A
Potential exposure of sensitive development environments and intellectual property.
Recommended Actions
Key Takeaways & Next Steps
- Implement supply chain security controls to verify the integrity of third-party packages before deployment.
- Enforce strict egress filtering to monitor and control outbound communications, preventing unauthorized command and control channels.
- Utilize threat detection systems capable of identifying and responding to anomalous behaviors indicative of malware activity.
- Establish robust identity and access management policies to limit the potential for privilege escalation.
- Conduct regular security assessments and audits to identify and remediate vulnerabilities within the development and deployment pipelines.
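One way to act on the first recommendation, as an added example that is not code from the original report: a Python check that scans a requirements file and the local environment for the three package names listed in the Executive Summary, using PEP 503 name normalization so that spellings such as `uuid32_utils` or `Termncolor` still match. The function names, the sample requirements text and the `example.invalid` URL are constructed for illustration.

```python
import re
from importlib import metadata

# Package names this page reports as ZiChatBot droppers.
FLAGGED = {"uuid32-utils", "colorinal", "termncolor"}
_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")       # leading project name
_EGG = re.compile(r"[#&]egg=([A-Za-z0-9][A-Za-z0-9._-]*)")  # URL-style requirement

def normalize(name):
    """PEP 503: lowercase, and runs of '-', '_' and '.' collapse to one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(line):
    """Normalized project name from one requirements.txt line, or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    egg = _EGG.search(line)
    if egg:                                  # e.g. "-e git+https://...#egg=name"
        return normalize(egg.group(1))
    if line.startswith("-"):                 # other pip options (-r, --hash, ...)
        return None
    m = _NAME.match(re.sub(r"\s+#.*$", "", line))  # drop trailing comment
    return normalize(m.group(1)) if m else None

def scan_requirements(text):
    """Return (line_number, line, normalized_name) for each flagged entry."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        name = requirement_name(raw)
        if name in FLAGGED:
            hits.append((n, raw.strip(), name))
    return hits

def scan_installed():
    """Flagged distributions present in the current Python environment."""
    names = {normalize(d.metadata.get("Name") or "") for d in metadata.distributions()}
    return sorted(names & FLAGGED)

# Constructed sample input, for illustration only.
SAMPLE = """\
# constructed requirements file
Termncolor>=1.0
termcolor==2.4.0
uuid32_utils[fast]==0.1 ; python_version >= "3.9"
-e git+https://example.invalid/repo.git#egg=Colorinal
colorama  # similar-looking but different name
"""

if __name__ == "__main__":
    for n, line, name in scan_requirements(SAMPLE):
        print(f"line {n}: {line!r} -> flagged as {name}")
    print("installed and flagged:", scan_installed())
```

A name match only shows that a flagged package was requested or is installed; it does not cover transitive dependencies resolved at install time, so run `scan_installed()` inside each build or virtual environment as well.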



