Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 19:08:00 UTC
 APT group: LuminousMoth
Names LuminousMoth (Kaspersky)
Country China
Motivation Information theft and espionage
First seen 2020
Description
(Kaspersky) APT actors are known for the frequently targeted nature of their attacks.
Typically, they will handpick a set of targets that in turn are handled with almost surgical
precision, with infection vectors, malicious implants and payloads being tailored to the
victims’ identities or environment. It’s not often we observe a large-scale attack conducted by
actors fitting this profile, usually due to such attacks being noisy, and thus putting the
underlying operation at risk of being compromised by security products or researchers.
We recently came across unusual APT activity that exhibits the latter trait – it was detected in
high volumes, albeit most likely aimed at a few targets of interest. This large-scale and highly
active campaign was observed in South East Asia and dates back to at least October 2020, with
the most recent attacks seen around the time of writing. Most of the early sightings were in
Myanmar, but it now appears the attackers are much more active in the Philippines, where
there are more than 10 times as many known targets.
Further analysis revealed that the underlying actor, which we dubbed LuminousMoth, shows
an affinity to the Mustang Panda, Bronze President (HoneyMyte) group. This is evident in
both network infrastructure connections, and the usage of similar TTPs to deploy the Cobalt
Strike Beacon as a payload. In fact, our colleagues at ESET and Avast recently assessed that
HoneyMyte was active in the same region. The proximity in time and common occurrence in
Myanmar of both campaigns could suggest that various TTPs of HoneyMyte may have been
borrowed for the activity of LuminousMoth.
Observed Countries: Myanmar, Philippines.
Tools used Cobalt Strike.
Information Last change to this card: 09 August 2021
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=2198ddbe-ccb6-4cfb-898f-3757226c1482
Page 1 of 2

Download this actor card in PDF or JSON format
Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=2198ddbe-ccb6-4cfb-898f-3757226c1482
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=2198ddbe-ccb6-4cfb-898f-3757226c1482
Page 2 of 2