"Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities"

Earth Lusca, a threat actor with ties to China, has been observed targeting government organizations with a new Linux backdoor called SprySOCKS. Trend Micro first documented Earth Lusca in January 2022, detailing the adversary's attacks against public and private sector entities in Asia, Australia, Europe, and North America. Since 2021, the group has used spear-phishing and watering hole attacks to execute its cyber espionage schemes. Some of the group's activities overlap with another threat cluster tracked by Recorded Future as RedHotel. New findings suggest that Earth Lusca remains an active group, expanding its operations to target organizations worldwide in the first half of 2023. Foreign affairs, technology, and telecommunications-related government departments are primary targets. This article continues to discuss the China-linked threat Earth Lusca targeting government entities using a new Linux backdoor called SprySOCKS.

THN reports "Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities"