Earth Uses Geopolitical Lure to Target Taiwan Before Elections
released on 2024-02-26 @ 10:27:23 AM
A threat actor tracked as Earth Lusca launched a spear phishing campaign using Chinese-Taiwanese relations as a lure to infect targets in Taiwan. The campaign was active between December 2023 and January 2024. The initial infection file contained shortcuts that executed obfuscated JavaScript leading to a Cobalt Strike payload. Stolen documents were used as decoys. Overlaps in victims, malware, location suggest links between Earth Lusca and Chinese company I-Soon.