
Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors

January 18, 2022

An elusive threat actor known as Earth Lusca has been observed targeting organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits.

“The list of its victims includes high-value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong, COVID-19 research organizations, and the media, amongst others,” Trend Micro researchers said in a new report. “However, the threat actor also seems to be financially motivated, as it also took aim at gambling and cryptocurrency companies.”


The cybersecurity firm attributed the group as part of the larger China-based Winnti cluster, which refers to a number of linked groups rather than a single discrete entity that are focused on intelligence gathering and intellectual property theft.


Earth Lusca’s intrusion routes are facilitated by spear-phishing and watering hole attacks, while also leveraging vulnerabilities in public-facing applications, such as Microsoft Exchange ProxyShell and Oracle GlassFish Server exploits, as an attack vector.

The infection chains lead to the deployment of Cobalt Strike, along with a wide variety of additional malware such as Doraemon, ShadowPad, Winnti, FunnySwitch, and web shells like AntSword and Behinder.


Cobalt Strike is a full-featured intrusion suite that originated as a legitimate remote access tool, developed for red teams to use in penetration testing. However, in recent years, it has become one of the most popular tools in a threat actor’s arsenal and the primary means of turning a foothold into a hands-on intrusion.

Interestingly, while the attacks also involve installing cryptocurrency miners on infected hosts, the researchers pointed out that “the revenue gained from the mining functions appear to be small.”


Telemetry data gathered by Trend Micro reveals that Earth Lusca staged attacks against entities that could be of strategic interest to the Chinese government, including:

  • Gambling companies in Mainland China
  • Government institutions in Taiwan, Thailand, Philippines, Vietnam, United Arab Emirates, Mongolia, and Nigeria
  • Educational institutions in Taiwan, Hong Kong, Japan, and France
  • News media in Taiwan, Hong Kong, Australia, Germany, and France
  • Pro-democracy and human rights political organizations and movements in Hong Kong
  • COVID-19 research organizations in the U.S.
  • Telecom companies in Nepal
  • Religious movements that are banned in Mainland China, and
  • Various cryptocurrency trading platforms

“Evidence points to Earth Lusca being a highly skilled and dangerous threat actor mainly motivated by cyberespionage and financial gain. However, the group still primarily relies on tried-and-true techniques to entrap a target,” the researchers said.

“While this has its advantages (the techniques have already proven to be effective), it also means that security best practices, such as avoiding clicking on suspicious email/website links and updating important public-facing applications, can minimize the impact — or even stop — an Earth Lusca attack.”



Some sections of this post are sourced from:
thehackernews.com
