Nation-State Actor
Earth Lusca
China • Active since 2019
Earth Lusca attacks governments by hacking websites that government workers visit. When someone visits the hacked website, their computer gets infected. The group targets governments across Asia.
Overview
Earth Lusca is a Chinese threat group that targets government and intergovernmental organizations worldwide, with a focus on Asian countries. They use watering hole attacks and spear-phishing.
Also Known As
TAG-22, Charcoal Typhoon
Target Industries
Government, Education, Religious Organizations, Media, NGOs
Target Regions
Asia, Southeast Asia, Middle East, Europe
Tactics, Techniques & Procedures
- Watering hole attacks
- Spear-phishing
- N-day exploitation
- Web application exploitation
- Data exfiltration
Known Tools & Malware
Cobalt Strike, Winnti, Doraemon, ShadowPad, FunnySwitch
Notable Campaigns
Asian Government Targeting (2021-2023)
Targeted government entities across multiple Asian countries.
Intergovernmental Organization Attacks (2022)
Targeted international organizations and embassies.
MITRE ATT&CK Techniques
T1189, T1566.001, T1190, T1041, T1059
Defense Recommendations
1. Implement web isolation for government staff
2. Monitor for Cobalt Strike indicators
3. Assess watering hole risk exposure