earth_lumia
Earth Lumia is a China-nexus, state-aligned threat actor. In the provided reporting, Earth Lumia is identified as one of the early actors exploiting the critical React 19 remote code execution vulnerability known as React2Shell to gain server access and deploy follow-on tooling. The activity described places the group among early exploitation clusters abusing exposed default React and Next.js deployments shortly after public disclosure. Known alias in the provided content: earth_lumia. The content also references Jackpot Panda as another China-linked group active in the same exploitation wave, but does not state that it is an alias or subgroup of Earth Lumia.
Recent activity
1 source tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.