This was H1 2022: Part 3 – Beyond the War

Caught up in the events and media attention surrounding the Russo-Ukrainian conflict, one could forget that there is still activity outside the realm of the war. True, the war shifted the focus and priorities of nations and some crime groups alike, but others went on with business as usual. The war, and its repercussions on the threat landscape, did not eliminate pre-existing threats. I would argue that some threats are showing potential for growth in the shadow of the war: while attention is fixed on the conflict, rogue, organized and nation-linked actors have an opportunity to roam undetected and even accelerate their offensive operations.

This is the third and final blog in our three-part series, written to shine a light on cyber activities in the first half of 2022. This particular blog covers events, attacks and heists that took place outside the Russia-Ukraine cyber war.


Roaming APTs

The undeniable focus on threats and events relating to the invasion of Ukraine by Russia does not mean other threat actors suspended their activities. On the contrary, while the eyes of the world are upon Russia, other actors have been roaming across the internet almost unnoticed.

On January 13, 2022, Trend Micro attributed a set of cyberespionage campaigns against governments, of the kind typically seen in state-backed operations, as well as financially driven attacks against several gambling companies in China and various cryptocurrency platforms, to a new Chinese actor dubbed “Earth Lusca.” Earth Lusca targeted government institutions in Taiwan, Thailand, the Philippines, Vietnam, the United Arab Emirates, Mongolia and Nigeria; educational institutions in Taiwan, Hong Kong, Japan and France; media agencies in Taiwan, Hong Kong, Australia, Germany and France; pro-democracy and human rights political organizations and movements in Hong Kong; COVID-19 research organizations in the United States; telecom companies in Nepal; religious movements banned in mainland China; and various cryptocurrency trading platforms. The threat actors leveraged spear-phishing, watering hole attacks and known vulnerabilities in public-facing servers, such as ProxyShell in Microsoft Exchange and flaws in Oracle GlassFish. The payloads used during the…