Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors

An elusive danger actor identified as Earth Lusca has been noticed placing businesses throughout the entire world as component of what seems to be concurrently an espionage campaign and an try to experience financial revenue.

“The checklist of its victims consists of high-price targets such as authorities and academic institutions, religious actions, pro-democracy and human legal rights companies in Hong Kong, COVID-19 study businesses, and the media, amongst other people,” Trend Micro researchers mentioned in a new report. “On the other hand, the risk actor also looks to be monetarily determined, as it also took intention at gambling and cryptocurrency companies.

The cybersecurity firm attributed the group as aspect of the more substantial China-centered Winnti cluster, which refers to a variety of connected groups alternatively than a one discrete entity that are focused on intelligence collecting and mental property theft.

Earth Lusca’s intrusion routes are facilitated by spear-phishing and watering hole attacks, although also leveraging vulnerabilities in public-going through programs, such as Microsoft Exchange ProxyShell and Oracle GlassFish Server exploits, as an attack vector.

The infection chains guide to the deployment of Cobalt Strike, along with a wide variety of additional malware these as Doraemon, ShadowPad, Winnti, FunnySwitch, and web shells like AntSword and Behinder.

Cobalt Strike is a full-highlighted intrusion suite that originated as a authentic remote accessibility device, created for purple teams to use in penetration tests. Even so, in new many years, it has develop into 1 of the most well-liked applications in a threat actor’s arsenal and the primary usually means of turning a foothold into a arms-on intrusion.

Interestingly, when the attacks also require setting up cryptocurrency miners on contaminated hosts, the scientists pointed out that “the revenue gained from the mining functions appear to be small.”

Telemetry information collected by Craze Micro reveal that Earth Lusca staged attacks towards entities that could be of strategic fascination to the Chinese federal government, like —

• Gambling companies in Mainland China
• Govt establishments in Taiwan, Thailand, Philippines, Vietnam, United Arab Emirates, Mongolia, and Nigeria
• Educational establishments in Taiwan, Hong Kong, Japan, and France
• Information media in Taiwan, Hong Kong, Australia, Germany, and France
• Pro-democracy and human legal rights political companies and movements in Hong Kong
• COVID-19 research organizations in the U.S.
• Telecom organizations in Nepal
• Religious movements that are banned in Mainland China, and
• Different cryptocurrency buying and selling platforms

“Evidence points to Earth Lusca remaining a really-competent and unsafe menace actor mainly enthusiastic by cyberespionage and economical get. However, the team still principally relies on experimented with-and-genuine methods to entrap a target,” the scientists said.

“Though this has its rewards (the strategies have presently confirmed to be effective), it also suggests that security very best methods, such as keeping away from clicking on suspicious email/site links and updating crucial public-facing apps, can lessen the impact — or even stop — an Earth Lusca attack.”

Uncovered this short article fascinating? Follow THN on Fb, Twitter  and LinkedIn to examine much more distinctive information we publish.

Some sections of this post are sourced from:
thehackernews.com