BleepingComputer ·EN-US News source Research Earth Lusca FishMongerSprySOCKSRawWNPFDriverLoader
Windows version of SprySOCKS Linux malware used to attack govt orgs
CVE Tools coverage
ESET found Windows versions of the SprySOCKS backdoor being used in attacks against government organizations in Taiwan, Thailand, Pakistan, and Honduras during 2023–2024. The activity is assessed with high confidence as the work of the Earth Lusca threat actor (also tracked as FishMonger, Aquatic Panda, Red Dev 10, and TAG-22), and the malware’s Windows variants add kernel-level stealth plus covert command-and-control through diverted TCP traffic. Researchers also noted signals that a possible UEFI bootkit component could involve CVE-2023-24932 (a Secure Boot issue), which matters because it may indicate additional pre-OS persistence risk alongside the already stealthy Windows backdoors.