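【Key Points】
◎ A Chinese targeted-attack group. It has many similarities to Winnti Umbrella but is believed to be a separate group acting independently.
◎ Targets academic institutions, telecommunications companies, religious organizations, and other civil society groups.
【Dictionary】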
◆Earth Lusca (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/earth_lusca
◆BRONZE UNIVERSITY (Secureworks)
https://www.secureworks.com/research/threat-profiles/bronze-university
【Aliases】
Group name | Notes |
---|---|
Aquatic Panda | Malpedia asserts this is the same group |
BRONZE UNIVERSITY | Secureworks |
Charcoal Typhoon | Microsoft |
CHROMIUM | |
ControlX | |
Earth Lusca | Trendmicro |
FISHMONGER | |
Red Dev 10 | |
RedHotel | Recorded Future |
TAG-22 | Recorded Future |
【Overview】
Item | Details |
---|---|
ATT&CK ID | G1006 |
Base of operations | China |
Activity | Espionage |
【Tools Used】
| ATT&CK ID | Tool name | Notes |
|---|---|---|
| S0154 | Cobalt Strike | |
| | Fishmaster | |
| | FunnySwitch | |
| | njRAT | |
| S0596 | ShadowPad | |
| | Spyder | |
【News】
◆Chinese cyber-espionage group newly targets diplomatic organizations in South America (CIO, 2023/02/17)
https://project.nikkeibp.co.jp/idg/atcl/19/00002/00437/
⇒ https://malware-log.hatenablog.com/entry/2023/02/17/000000_3
◆Chinese hackers targeted at least 17 countries across Asia, Europe and North America (The Record, 2023/08/09)
https://therecord.media/chinese-military-hackers-redhotel-target-countries-across-asia-north-america-europe
⇒ https://malware-log.hatenablog.com/entry/2023/08/09/000000_4
◆RedHotel Checks in as Dominant China-Backed Cyberspy Group (Dark Reading, 2023/08/10)
The APT has been rampaging across three continents on behalf of China's Ministry of State Security, and now claims the throne as kings of intelligence gathering and economic espionage.
https://www.darkreading.com/threat-intelligence/redhotel-dominant-china-backed-cyber-spy-group
⇒ https://malware-log.hatenablog.com/entry/2023/08/10/000000
【Blogs】
◆Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling (Recorded Future, 2021/07/08)
https://www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan
⇒ https://malware-log.hatenablog.com/entry/2021/07/08/000000_14
◆An explanation of the attack activity of the Earth Lusca group, which makes use of sophisticated infrastructure and a variety of tools (Trendmicro, 2022/03/02)
https://www.trendmicro.com/ja_jp/research/22/c/Earth-Lusca.html
⇒ https://malware-log.hatenablog.com/entry/2022/03/02/000000_13
【Public Information】
◆RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale (Recorded Future, 2023/08/08)
https://www.recordedfuture.com/redhotel-a-prolific-chinese-state-sponsored-group-operating-at-a-global-scale
⇒ https://malware-log.hatenablog.com/entry/2023/08/08/000000_3
【Documents】
◆RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale
https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf
⇒ https://malware-log.hatenablog.com/entry/2023/08/08/000000_3
【Papers】
◆Delving Deep: An Analysis of Earth Lusca’s Operations (Trendmicro, 2022/03/02)
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf
⇒ https://malware-log.hatenablog.com/entry/2022/03/02/000000_14
【Related Summary Articles】
◆Targeted-attack groups / APT (summary)
https://malware-log.hatenablog.com/entry/APT