Earth Lusca

APT / StateG1006
OriginChina
Techniques (MITRE ATT&CK)44
SourceMITRE ATT&CK
Also known as:TAG-22Charcoal TyphoonCHROMIUMControlX

Vexday analysis

Earth Lusca é um grupo de espionagem cibernética de origem chinesa, ativo desde pelo menos abril de 2019 e rastreado pela MITRE ATT&CK sob o identificador G1006, sendo também conhecido pelos aliases TAG-22, Charcoal Typhoon, CHROMIUM e ControlX. O grupo tem como alvos organizações governamentais, veículos de mídia, empresas de telecomunicações, instituições educacionais, plataformas de negociação de criptomoedas e movimentos religiosos proscritos na China, entre outros setores, com atuação documentada em múltiplos países da Ásia-Pacífico, Europa, África e América do Norte. Ao grupo são atribuídas 4 CVEs conhecidas por exploração ativa e 44 técnicas documentadas no framework MITRE ATT&CK.

Techniques (MITRE ATT&CK) 44

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Reconnaissance
Vulnerability Scanning
Resource development
DomainsServerWeb ServicesServerWeb ServicesMalwareToolUpload Malware
Initial access
Drive-by CompromiseExploit Public-Facing ApplicationSpearphishing Link
Execution
Windows Management InstrumentationScheduled TaskPowerShellVisual BasicPythonJavaScriptMalicious LinkMalicious File
Persistence
SSH Authorized KeysWindows ServicePrint Processors
Privilege escalation
Bypass User Account Control
Credential access
LSASS MemoryDCSync
Discovery
System Service DiscoverySystem Network Configuration DiscoveryRemote System DiscoverySystem Owner/User DiscoverySystem Network Connections DiscoveryProcess DiscoveryDomain Trust Discovery
Lateral movement
Exploitation of Remote Services
Collection
Archive via Utility
Command and control
Proxy
Exfiltration
Exfiltration to Cloud Storage
defense-impairment
Modify Registry
stealth
Obfuscated Files or InformationSteganographyMatch Legitimate Resource Name or LocationDeobfuscate/Decode Files or InformationMshtaDLL

Exploited vulnerabilities 4

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2014-7169CRITICALEPSS 100%KEVCVE-2020-1472MEDIUMEPSS 100%KEVCVE-2016-6662EPSS 68%CVE-2017-0176EPSS 46%

Earth Lusca uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →