© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Earth Lusca: cyber espionage with crypto theft on the side


A China-linked cyber espionage group targets government institutions with a side dish of financially motivated crypto theft.

Researchers at Trend Micro claim that an analysis of Earth Lusca activities points to the group focusing on high-value targets with a side gig of theft.

According to the report, Earth Lusca targets organizations via a campaign that employs social engineering techniques like spear-phishing and watering holes.

The primary motivation behind the attacks is to penetrate high-value targets like governments, educational institutions, pro-democracy and human rights organizations in Hong Kong, Covid-19 researchers, and the media.

Researchers think Earth Lusca is a part of a greater China-based Winnti cluster. The latter encompasses numerous hacker groups that focus on intelligence gathering and intellectual property theft.

“The threat actor also seems to be financially motivated, as it also took aim at gambling and cryptocurrency companies,” reads the report.

The business, however, does not seem to be booming. A technical report on Earth Lusca operations claims that while the hacker group installs crypto miners on victim devices, the revenue from the activities seems low.
.“Evidence points to Earth Lusca being a highly-skilled and dangerous threat actor mainly motivated by cyberespionage and financial gain. However, the group still primarily relies on tried-and-true techniques to entrap a target,” researchers claim.

The operational scope of Earth Lusca appears to be genuinely global as hackers target multiple targets around the globe.

The key targets for the group, according to Trend Micro, are Gambling companies in Mainland China, government institutions in Taiwan, Thailand, Philippines, Vietnam, United Arab Emirates, Mongolia, and Nigeria, educational institutions in Taiwan, Hong Kong, Japan, and France.

The group also seems to be targeting news media in Taiwan, Hong Kong, Australia, Germany, and France, pro-democracy and human rights political organizations and movements in Hong Kong, Covid-19 research organizations in the United States, telecom companies in Nepal, religious movements that are banned in Mainland China and various crypto trading platforms.


More from CyberNews:

Troubling trend: it takes nine months to detect and respond to a cyberattack

InvestDEFY launches Equal Weighted Metaverse + Web 3.0 NFT index for investors

Israel police used Pegasus software to spy on citizens - media

NCA shuts down the UK server of an encryption service linked to cybercrime

Scammers set up a mock Nintendo site peddling phony discounts

Subscribe to our newsletter


Leave a Reply

Your email address will not be published. Required fields are marked