Earth Lusca Expands Arsenal with Windows SprySOCKS Malware

Chinese threat actor Earth Lusca has upgraded its malware arsenal with Windows SprySOCKS, a sneaky tool that lets hackers secretly send commands to compromised devices, allowing them to fly under the radar. This latest move has been linked to a string of high-profile attacks on government organizations worldwide.

https://osintsights.com/earth-lusca-expands-arsenal-with-windows-sprysocks-malware?utm_source=mastodon&utm_medium=social

#EarthLusca #WindowsSprysocksMalware #Sprysocks #China #Government

Learn how Earth Lusca uses Windows SprySOCKS malware to divert TCP traffic and issue commands. Discover the threat actor's tactics and protect your organization now from cyber attacks.

OSINTSights

Read more about the latest research I did with my talented colleague @jaromirhorejsi! We exposed a previously unreported and new malware family we named KTLVdoor, used by Chinese-speaking threat actors including #EarthLusca! More than 50 C2s have been found to communicate with this #malware family!

https://www.trendmicro.com/en_us/research/24/i/earth-lusca-ktlvdoor.html

#cyberespionage #china

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

Trend Micro

Trend Micro reports on a new China-nexus cyberespionage group (dubbed Earth Krahang) that primarily targets Southeast Asia and then Europe, America, and Africa. It has multiple connections to another Chinese APT Earth Lusca (aka Aquatic Panda, Bronze University, Charcoal Typhoon, RedHotel) and potential links to i-SOON. Trend Micro was able to retrieve multiple files from Earth Krahang’s servers, including samples, configuration files, and log files from its attack tools. MITRE ATT&CK TTPs and IOC provided. 🔗 https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html

#EarthKrahang #cyberespionage #EarthLusca #AquaticPanda #CharcoalTyphoon #RedHotel #China #APT #IOC #threatintel #MITREATTACK

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.

Trend Micro

Very proud to release my latest research which exposes a Chinese-speaking threat actor to attacks on Taiwan before the national elections - https://www.trendmicro.com/en_us/research/24/b/earth-lusca-uses-geopolitical-lure-to-target-taiwan.html #APT #cyberespionage #isoon #i-soon #EarthLusca

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections

During our monitoring of Earth Lusca, we noticed a new campaign that used Chinese-Taiwanese relations as a social engineering lure to infect selected targets.

Trend Micro