Earth Lusca
Earth Lusca is an intrusion set which has been observed by Trend Micro since 2021. The group use spear phishing and watering holes to gain initial access to targets and have been observed using the Winnti malware.
The group's targets include government, pro-democracy and human rights organizations in Hong Kong, educational institutions and more, primarily for espionage purposes.
Trend Micro also report instances of the group conducting financially motivated attacks against gambling and cryptocurrency companies.
Earth Lusca Threat Reports
Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections
Blog post from researchers at Trend Micro discussing Earth Lusca and potential links to Chinese contractor I-Soon. Earth Lusca is a China-linked ...
References
https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf
https://www.trendmicro.com/en_us/research/22/a/earth-lusca-sophisticated-infrastructure-varied-tools-and-techni.html
https://www.trendmicro.com/en_us/research/24/b/earth-lusca-uses-geopolitical-lure-to-target-taiwan.html
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use by this intrusion set.