Since mid-2021, Trend Micro researchers have been investigating a rather elusive threat actor called Earth Lusca that targets organizations globally via a campaign that uses traditional social engineering techniques such as spear phishing and watering holes. The group’s primary motivation seems to be cyberespionage: the list of its victims includes high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong, Covid-19 research organizations, and the media, among others. However, the threat actor also seems to be financially motivated, as it also took aim at gambling and cryptocurrency companies.
Previous research into the group’s activities attributed it to other threat actors such as the Winnti group due to the use of malware such as Winnti, but despite some similarities, we consider Earth Lusca a separate threat actor (we do have evidence, however, that the group is part of the “Winnti cluster,” which is comprised of different groups with the same origin country and share aspects of their TTPs).
Source: Trend Micro