
New Backdoor Linked to Earth Lusca Threat Group


Jasper_The_Rasper
Moderator

September 4, 2024 By Lindsey O’Donnell-Welch

 

Researchers have uncovered a new backdoor called KTLVdoor, which targets both Windows and Linux systems and is linked back to Chinese-speaking threat actor Earth Lusca.

Earth Lusca is a group that has been active since at least April 2019 and has targeted organizations from various sectors globally, including the U.S., France, Germany and more. The group was observed leveraging the new Go language-based KTLVdoor, which has the capabilities to run commands, manipulate (as well as download or upload) files, provide attackers with system and network data, scan remote ports and use proxies.

“This previously unreported malware is more complex than the usual tools used by the threat actor,” said Cedric Pernet and Jaromir Horejsi with Trend Micro in a Wednesday analysis. “It is highly obfuscated and is being spread in the wild impersonating various system utilities names or similar tools, such as sshd, java, sqlite, bash, edr-agent, and more.”

 

