CN · G0143 · G1006

Earth Lusca

Also known as: CHROMIUM · ControlX · TAG-22 · FISHMONGER · BRONZE UNIVERSITY · AQUATIC PANDA · Red Dev 10 · RedHotel · Charcoal Typhoon · BountyGlad · Red Scylla · Earth Lusca

Origin: CN
Known aliases: 12
Target sectors: 10

Profile

Earth Lusca is a threat actor from China that targets organizations of interest to the Chinese government, including academic institutions, telecommunication companies, religious organizations, and other civil society groups. Earth Lusca's tools closely resemble those used by Winnti Umbrella, but the group appears to operate separately from Winnti. Earth Lusca has also been observed targeting cryptocurrency payment platforms and cryptocurrency exchanges in what are likely financially motivated attacks.

Aliases · 12

CHROMIUM · ControlX · TAG-22 · FISHMONGER · BRONZE UNIVERSITY · AQUATIC PANDA · Red Dev 10 · RedHotel · Charcoal Typhoon · BountyGlad · Red Scylla · Earth Lusca

Target sectors · 10

Gambling companies · Government Institutions · Education · Media and Entertainment · Pro-democracy and human rights political organizations · Telecommunications · Religious organization · Cryptocurrency · Medical · Covid-19 research organizations

Known victims · 15

  • Australia
  • China
  • France
  • Germany
  • Hong Kong
  • Japan
  • Mongolia
  • Nepal
  • Nigeria
  • Philippines
  • Taiwan
  • Thailand

MITRE ATT&CK Group crosswalk

G0143 · G1006

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • Actor: Earth Lamia
  • Actor: Earth Alux
  • Actor: Earth Wendigo
  • Actor: Earth Krahang
  • Actor: UNC6691
  • Actor: Earth Naga

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.