APT Profile – Earth Lusca Earth Lusca (aka FishMonger) is a China-linked threat actor active since 2019 that conducts long‑term cyber-espionage against government, media, telecommunications, academic, and religious organizations while also running financially motivated campaigns against cryptocurrency platforms. Recent campaigns show expanded tooling and tradecraft — including the new Go-based, multi-platform backdoor KTLVdoor, extensive use of ShadowPad/Winnti toolsets, and a large, cloud-hosted, rotating C2 infrastructure to maintain stealth. #EarthLusca #KTLVdoor

Earth Lusca, a China-linked threat actor since 2019, targets government, media, telecom, academia, and crypto platforms using advanced tools like KTLVdoor and ShadowPad with cloud-based rotating C2 infrastructure. #China #EarthLusca #KTLVdoor

Read more about the latest research I did with my talented colleague Jaromir ! We exposed a previously unreported and new malware family we named KTLVdoor, used by Chinese-speaking threat actors including #EarthLusca - More than 50 C2s ! #cyberespionage - www.trendmicro.com/en_us/resear...

Very proud to release my latest research which exposes a Chinese-speaking threat actor to attacks on Taiwan before the national elections - www.trendmicro.com/en_us/resear... #APT #cyberespionage #isoon #EarthLusca #i-soon