The Cyber Security News

Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors

January 18, 2022

An elusive threat actor identified as Earth Lusca has been observed targeting organizations around the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits.

“The checklist of its victims consists of high-price targets such as authorities and academic institutions, religious actions, pro-democracy and human legal rights companies in Hong Kong, COVID-19 study businesses, and the media, amongst other people,” Trend Micro researchers said in a new report. “On the other hand, the risk actor also looks to be monetarily determined, as it also took intention at gambling and cryptocurrency companies.”

The cybersecurity firm attributed the group as part of the larger China-based Winnti cluster, which refers to a number of linked groups rather than a single discrete entity that are focused on intelligence gathering and intellectual property theft.

Earth Lusca’s intrusion routes are facilitated by spear-phishing and watering hole attacks, while also leveraging vulnerabilities in public-facing applications, such as Microsoft Exchange ProxyShell and Oracle GlassFish Server exploits, as an attack vector.

The infection chains lead to the deployment of Cobalt Strike, along with a variety of additional malware such as Doraemon, ShadowPad, Winnti, FunnySwitch, and web shells like AntSword and Behinder.

Cobalt Strike is a full-featured intrusion suite that originated as a legitimate remote access tool, created for red teams to use in penetration tests. However, in recent years, it has become one of the most popular tools in a threat actor’s arsenal and the primary means of turning a foothold into a hands-on intrusion.

Interestingly, although the attacks also involve installing cryptocurrency miners on infected hosts, the researchers pointed out that “the revenue gained from the mining functions appear to be small.”

Telemetry data collected by Trend Micro reveal that Earth Lusca staged attacks against entities that could be of strategic interest to the Chinese government, including:

  • Gambling companies in Mainland China
  • Government institutions in Taiwan, Thailand, Philippines, Vietnam, United Arab Emirates, Mongolia, and Nigeria
  • Educational institutions in Taiwan, Hong Kong, Japan, and France
  • News media in Taiwan, Hong Kong, Australia, Germany, and France
  • Pro-democracy and human rights political organizations and movements in Hong Kong
  • COVID-19 research organizations in the U.S.
  • Telecom companies in Nepal
  • Religious movements that are banned in Mainland China, and
  • Various cryptocurrency trading platforms

“Evidence points to Earth Lusca remaining a really-competent and unsafe menace actor mainly enthusiastic by cyberespionage and economical get. However, the team still principally relies on experimented with-and-genuine methods to entrap a target,” the researchers said.

“Though this has its rewards (the strategies have presently confirmed to be effective), it also suggests that security very best methods, such as keeping away from clicking on suspicious email/site links and updating crucial public-facing apps, can lessen the impact — or even stop — an Earth Lusca attack.”

Some sections of this post are sourced from:
thehackernews.com


Copyright © TheCyberSecurity.News, All Rights Reserved.