APT Profile – Earth Lusca Earth Lusca (aka FishMonger) is a China-linked threat actor active since 2019 that conducts long‑term cyber-espionage against government, media, telecommunications, academic, and religious organizations while also running financially motivated campaigns against cryptocurrency platforms. Recent campaigns show expanded tooling and tradecraft — including the new Go-based, multi-platform backdoor KTLVdoor, extensive use of ShadowPad/Winnti toolsets, and a large, cloud-hosted, rotating C2 infrastructure to maintain stealth. #EarthLusca #KTLVdoor

Earth Lusca, a China-linked threat actor since 2019, targets government, media, telecom, academia, and crypto platforms using advanced tools like KTLVdoor and ShadowPad with cloud-based rotating C2 infrastructure. #China #EarthLusca #KTLVdoor

New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm New cross-platform malware KTLVdoor targets Chinese trading firm, using Alibaba servers. Earth Lusca linked to attack.

New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm
thehackernews.com/2024/09/new-...
#Infosec #Security #Cybersecurity #CeptBiro #CrossPlatformMalware #KTLVdoor #ChineseTradingFirm