January 25, 2022

Chinese Cyber-Espionage Group Earth Lusca

Industry: Education, Finance, Gambling, Government, News, Telecommunications and Religion |
Level: Operational | Source: TrendMicro

Earth Lusca is an identified Chinese cyber-espionage group that has been conducting covert operations against institutions in a range of locations of interest to the Chinese government, while also carrying out financially motivated intrusions for profit. Its geographic spread is wide, and the targeted industries include education, finance (cryptocurrency in particular), gambling, government, news, telecommunications and religious organisations. According to TrendMicro's research, the group's operations began in mid-2021 with watering hole attacks against service companies. Initial access has also been obtained through spear-phishing campaigns and by exploiting vulnerabilities in public-facing applications, such as ProxyShell or Oracle product vulnerabilities.

  • Anvilogic Scenarios:
    • Earth Lusca – InitialAccess – Behaviors
    • Earth Lusca – PostExploit – Behaviors
  • Anvilogic Use Cases:
    • Suspicious Email Attachment
    • MSHTA.exe execution
    • Certutil De-Obfuscate/Decode Files
    • Potential ProxyShell
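To make three of the use cases above concrete, here is a small detection sweep over constructed log events. This is an added example, not Anvilogic's or TrendMicro's code: the process-creation and IIS event layouts are simplified assumptions, the sample events are made up for illustration, and the ProxyShell check is a heuristic on the published Autodiscover path-confusion request shape rather than a confirmation of exploitation.

```python
"""Detection sweep over constructed log events for three use cases:
mshta.exe execution, certutil-based file decoding, and a ProxyShell-style
Autodiscover request. Added example; event layouts are assumptions."""
import re
from urllib.parse import unquote

# Constructed Windows process-creation events (Sysmon Event ID 1 style):
# (Image, CommandLine). None of these come from a real incident.
PROCESS_EVENTS = [
    (r"C:\Windows\System32\mshta.exe", r'mshta.exe "C:\Users\Public\update.hta"'),
    (r"C:\Windows\System32\certutil.exe",
     r"certutil -decode C:\Users\Public\blob.txt C:\Users\Public\blob.exe"),
    (r"C:\Windows\System32\certutil.exe", r"certutil -verify C:\certs\site.cer"),
    (r"C:\Windows\System32\notepad.exe", r"notepad.exe C:\Users\alice\notes.txt"),
]

# Constructed IIS W3C-style entries: (cs-method, cs-uri-stem, cs-uri-query).
WEB_EVENTS = [
    ("POST", "/autodiscover/autodiscover.json",
     "@evil.example/powershell/?&Email=autodiscover/autodiscover.json%3F@evil.example"),
    ("GET", "/owa/auth/logon.aspx", "url=https%3A%2F%2Fmail.example%2Fowa"),
    ("POST", "/autodiscover/autodiscover.xml", "-"),
]


def image_name(image):
    """Basename of an Image path, lower-cased, tolerant of either separator."""
    return re.split(r"[\\/]", image)[-1].lower()


def is_mshta_execution(image, cmdline):
    """mshta.exe is rarely needed by end users; any execution is worth review."""
    return image_name(image) == "mshta.exe"


CERTUTIL_DECODE_SWITCHES = {"decode", "decodehex"}


def is_certutil_decode(image, cmdline):
    """certutil used to turn a base64/hex blob back into a file on disk."""
    if image_name(image) != "certutil.exe":
        return False
    # Switches may be written as -decode or /decode; compare case-insensitively.
    switches = {tok.lstrip("-/").lower() for tok in cmdline.split() if tok[:1] in "-/"}
    return bool(switches & CERTUTIL_DECODE_SWITCHES)


# Heuristic for the published ProxyShell path-confusion shape: a request to
# autodiscover.json whose query starts with "@" and repeats
# Email=autodiscover/autodiscover.json. Worth triage, not proof of compromise.
PROXYSHELL_RE = re.compile(
    r"autodiscover\.json\?@.*email=autodiscover/autodiscover\.json",
    re.IGNORECASE,
)


def is_proxyshell_request(method, stem, query):
    """Decode the URL first so %3F and friends cannot hide the pattern."""
    url = unquote(f"{stem}?{query}")
    return bool(PROXYSHELL_RE.search(url))


def run_detections(process_events=PROCESS_EVENTS, web_events=WEB_EVENTS):
    """Return (rule_name, evidence) pairs for every event that fires a rule."""
    hits = []
    for image, cmdline in process_events:
        if is_mshta_execution(image, cmdline):
            hits.append(("MSHTA.exe execution", cmdline))
        if is_certutil_decode(image, cmdline):
            hits.append(("Certutil De-Obfuscate/Decode Files", cmdline))
    for method, stem, query in web_events:
        if is_proxyshell_request(method, stem, query):
            hits.append(("Potential ProxyShell", f"{method} {stem}?{query}"))
    return hits


if __name__ == "__main__":
    for rule, evidence in run_detections():
        print(f"[{rule}] {evidence}")
```

Running the script prints one line per hit: the mshta launch, the certutil decode, and the Autodiscover request; the certutil verify, the notepad launch and the ordinary OWA and autodiscover.xml requests stay silent. In a real pipeline the same predicates would run over the SIEM's normalised process and web fields rather than tuples, and the ProxyShell rule would be paired with a check for a 200 response from the /powershell backend before escalating.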