Chinese-Backed Hackers Target Taiwan in Espionage Campaign

The Chinese hacking group Earth Lusca has once again drawn attention through a recent report by Trend Micro researchers, who describe the group's latest tactics and its interests on a global scale.

In their recent campaign, the Earth Lusca group exploited documents about Sino-Africa relations as bait to disseminate malicious software. This operation, conducted from December 2023 to January 2024, coincided with the national elections in Taiwan, highlighting a particularly acute interest in the political processes within the region.

The campaign is distinguished by a complex infection chain, starting with seemingly innocuous Microsoft Word, PowerPoint, and PDF documents that contain malicious JavaScript code. This code sequentially unpacks nested archives and eventually downloads a malicious DLL, which is loaded through a legitimate file disguised as software from the Chinese company Qihoo 360. The loaded DLL gives the attackers remote control over the infected systems.

Particularly alarming is the discovery of links between Earth Lusca and the Chinese company I-Soon, which we recently reported on separately. The similarity in attack methods, their geographical scope, and their choice of targets suggest potential collaboration between these entities. It appears that the boundaries between legitimate and state-supported hacking operations are gradually blurring.

The attacks by Earth Lusca are increasingly targeting government agencies, think tanks, and experts who influence the political climate of Taiwan, which could have global repercussions affecting trade agreements, diplomatic relations, and even defense strategies.

In light of these threats, the importance of cybersecurity awareness, timely system updates, and adherence to best practices in this field cannot be overstated. These measures are crucial for protecting sensitive information and maintaining operational security amidst the growing threat posed by state-supported hackers from various countries.