Earth Lusca

Threat Actor Profile Updated 19 days ago
Earth Lusca, a threat actor known for its malicious activity in cyberspace, has recently expanded its arsenal with a new tool, the SprySOCKS Linux malware. This development was reported by Security Affairs in October 2020.

As a threat actor, Earth Lusca could be an individual, a private company, or part of a government entity that acts with malicious intent. The cybersecurity industry recognizes this group as one of many involved in harmful digital activity, an illustration of how varied and unpredictable online threats are.

SprySOCKS is a backdoor designed to infiltrate systems and give the attacker unauthorized access. It represents a significant escalation in Earth Lusca's capabilities, given how widely Linux is used across industries and sectors worldwide. Adding this malware to their toolkit potentially lets the group take control of a wide range of systems, posing a considerable threat to organizations that rely on Linux-based infrastructure.

Organizations should therefore ensure that their security measures are current and comprehensive: regularly update and patch software, educate staff about potential threats, and employ advanced threat detection and response tooling. With Earth Lusca continuing to evolve its tactics, a proactive approach to cybersecurity is more important than ever.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
I-Soon | 4 | i-SOON, a threat actor believed to be operating out of China, has come into the limelight due to a significant data leak. The leaked documents provide an inside view of i-SOON's operations, revealing its role in executing cyberespionage campaigns on behalf of various Chinese government agencies. Thi
Earth Krahang | 3 | Earth Krahang is a threat actor, a term used in cybersecurity to describe an entity responsible for malicious activities. This could be an individual, a private company, or even a government organization. In the world of cybersecurity, unique names are often given to these actors to differentiate th
Bronze University | 2 | Bronze University, also known as Aquatic Panda, ControlX, RedHotel, and Earth Lusca, is a threat actor group believed to be a Chinese state-sponsored hacking operation. The group has been active since 2021, targeting government, aerospace, education, telecommunications, media, and research organizat
Chromium | 1 | Chromium is an open-source software project that forms the foundation for several web browsers, including Google Chrome, Microsoft Edge, and Brave. The initial goal of Chromium was to create a fast, secure, and stable browsing experience. Over time, it has evolved to include various features such as
ISOON | 1 | iSoon, also known as Shanghai Anxun Information Technology or Auxun, is a Chinese information security (InfoSec) vendor based in Shanghai. The company's compromise led to an unusual leak of information that provided further evidence supporting the "quartermaster" theory of Chinese hacking. This theo
Miscellaneous Associations
Other contextual elements that may help in assessing relevance
Malware, Backdoor, Linux, Lateral Move..., Espionage, Web Shell, Chinese, Exploit, Github, Vulnerability, Remote Code ..., Windows, Apt, Loader, Telerik, Fortios, Fortinac, Chrome, Chromium, Taiwan, ISOON, State Sponso..., Payload, RCE (Remote ..., Spyware, Zero Day, Ddos, Known Exploi..., Smishing
Associated Malware
ID | Type | Votes | Profile Description
Sprysocks | Unspecified | 6 | SprySOCKS is a new strain of malware that has recently been added to the arsenal of Earth Lusca, an advanced persistent threat (APT) group known for its sophisticated cyberattacks. Malware, short for malicious software, is designed to exploit and damage computers or devices without the user's knowle
ShadowPad | Unspecified | 2 | ShadowPad is a modular backdoor malware that has been utilized by several Chinese threat groups since at least 2017. Notably, it was used as the payload in supply chain attacks targeting South Asian governments, as reported in the VB2023 paper. ShadowPad provides near-administrative capabilities in
Predator Spyware | Unspecified | 1 | Predator Spyware is a type of malware, or malicious software, that has recently been identified as a significant threat to digital security. This harmful program infiltrates devices without the user's knowledge, often through suspicious downloads, emails, or websites. Once installed, it can steal pe
Derusbi | Unspecified | 1 | Derusbi is a sophisticated malware family known for its ability to target both Linux and Windows systems. It has been predominantly associated with Chinese cyber espionage operations since 2008, making it a significant concern in the realm of cybersecurity. The malware primarily functions as a tool
Royal Ransomware | Unspecified | 1 | Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi
P2pinfect | Unspecified | 1 | P2Pinfect is a malicious software (malware) that has recently been updated to target Redis servers with miners and ransomware, as well as routers and Internet of Things (IoT) devices. This malware infects systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once
Luadream | Unspecified | 1 | LuaDream is a type of malware, specifically designed to exploit and damage computer systems or devices. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or
Predator | Unspecified | 1 | Predator is a potent malware that, along with NSO Group's Pegasus, remains a leading provider of mercenary spyware. Despite public disclosures in September 2023, Predator's operators have continued their operations with minimal changes, exploiting recently patched zero-day vulnerabilities in Apple a
Associated Threat Actors
ID | Type | Votes | Profile Description
Earth Akhlut | Unspecified | 3 | Earth Akhlut is a recognized threat actor, originating from China, known for its malicious activities in the realm of cybersecurity. Since 2019, it has been involved in distributing the Shadowpad malware, a sophisticated tool that has caused significant concern within the cybersecurity community. Th
Winnti | Unspecified | 2 | Winnti is a sophisticated threat actor group, first identified by Kaspersky in 2013, with activities dating back to at least 2007. The group has been associated with the Chinese nation-state and is part of a collective known as APT41, which also includes subgroups like Wicked Panda, Suckfly, and Bar
Redhotel | Unspecified | 1 | RedHotel, also known as Aquatic Panda, ControlX, and Bronze University, is a threat actor linked to Chinese state-sponsored cyber groups. It is part of a sophisticated network of espionage operations including RedAlpha, Poison Carp, and i-SOON, which are primarily involved in the theft of telecommun
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2022-40684 | Unspecified | 2 | CVE-2022-40684 is a significant software vulnerability identified in Fortinet devices, specifically relating to an authentication bypass flaw. This flaw in the software design or implementation allows threat actors to exploit the vulnerability, compromising network security and providing unauthorize
CVE-2022-39952 | Unspecified | 2 | CVE-2022-39952 is a critical vulnerability in Fortinet's network access control suite, FortiNAC. This flaw, which resides in the software design or implementation, could lead to arbitrary code execution, posing a severe threat to network security. The vulnerability was identified and addressed by Fo
CVE-2019-18935 | Unspecified | 2 | CVE-2019-18935 is a .NET deserialization vulnerability in the Progress Telerik user interface (UI) for ASP.NET AJAX, located in Microsoft's Internet Information Services (IIS) web server. This flaw in software design or implementation was exploited by multiple cyber threat actors, including an Advan
CVE-2021-22205 | Unspecified | 1 | CVE-2021-22205 is a significant vulnerability in GitLab, a flaw in software design or implementation that allows for remote code execution. This vulnerability has been assigned the highest severity score (CVSS score: 10.0) due to its potential impact. The bug, which is now two years old, continues t
CVE-2019-9670 | Unspecified | 1 | None
CVE-2019-9621 | Unspecified | 1 | None
Earth Lusca Earth Lusca | Unspecified | 1 | None
CVE-2023-5009 | Unspecified | 1 | None
CVE-2023-36845 | Unspecified | 1 | CVE-2023-36845 is a significant software vulnerability, specifically a PHP external variable modification bug, identified by WatchTowr Labs' security researchers. The flaw was part of a series of vulnerabilities linked to the SRX firewall system, including a missing authentication for critical funct
Source Document References
Information about the Earth Lusca threat actor was drawn from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | 5 days ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs | 4 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs | 4 months ago | DinodasRAT Linux variant targets users worldwide
Securityaffairs | 4 months ago | Security Affairs newsletter Round 464 by Pierluigi Paganini
BankInfoSecurity | 4 months ago | Trend Micro Spots Possible iSoon Campaign
InfoSecurity-magazine | 4 months ago | Prolific Chinese Threat Campaign Targets 100+ Victims
Securityaffairs | 4 months ago | Earth Krahang APT breached tens of government orgs worldwide
Trend Micro | 4 months ago | Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
Securityaffairs | 4 months ago | Security Affairs newsletter Round 463 by Pierluigi Paganini