New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm

September 5, 2024 at 02:15AM
Earth Lusca, a Chinese-speaking threat actor, has been observed deploying a new backdoor named KTLVdoor in a cyber attack targeting an unnamed trading company in China. The malware is written in Golang and masquerades as system utilities, with over 50 command-and-control servers identified. Its use by other Chinese threat actors …

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

September 4, 2024 at 03:51AM
Summary: The Chinese-speaking threat actor Earth Lusca has been found using a new multiplatform backdoor named KTLVdoor, which is highly obfuscated and has both Windows and Linux versions. The malware allows attackers to carry out various tasks and features sophisticated encryption and obfuscation techniques. The attack campaign involves significant infrastructure …

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections

February 26, 2024 at 01:39AM
Earth Lusca, a China-linked threat actor, launched a campaign targeting Taiwan before the national elections, using geopolitical relations as a lure to infect selected targets. The attacks involved spear phishing and a multi-stage infection chain, ultimately deploying a stageless Cobalt Strike payload. There are significant overlaps between the tools used …