Earth Lusca is a threat actor from China that targets organizations of interest to the Chinese government, including academic institutions, telecommunication companies, religious organizations, and other civil society groups. Earth Lusca's tools closely resemble those used by Winnti Umbrella, but the group appears to operate separately from Winnti. Earth Lusca has also been observed targeting cryptocurrency payment platforms and cryptocurrency exchanges in what are likely financially motivated attacks.
Also known as
CHROMIUM, ControlX, TAG-22, FISHMONGER, BRONZE UNIVERSITY, AQUATIC PANDA, Red Dev 10, RedHotel, Charcoal Typhoon, BountyGlad, Red Scylla.
Actor metadata imported from Malpedia (Fraunhofer FKIE).