In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware.
This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Episource is notifying millions of people that their health data was stolen
July 14, 2025
Medical billing giant Episource is notifying millions of people across the United States that their personal and health information was stolen in a cyberattack earlier this year. The breach affects more than 5.4 million people, according to a listing with the U.S. Department of Health and Human Services, making it one of the largest healthcare breaches ...
- A major security flaw in top eSIM system could put billions of devices at risk
July 14, 2025
Security researchers have discovered a vulnerability in eSIM technology used in virtually all smartphones and many other internet-connected, smart devices. In theory, the flaw could have been abused to intercept or manipulate communications, extract sensitive data, inject malicious applets, and more. There are more than two billion eSIM-enabled devices that could be potentially impacted by this ...
- CNN, BBC, and CNBC websites impersonated to scam people
July 14, 2025
Researchers have uncovered a large campaign impersonating news websites, such as those from CNN, BBC, CNBC, News24, and ABC News, to promote investment scams. Adding a well known brand to your scammy site is a tale as old as time, and gives it an air of legitimacy that increases the likelihood that people will click ...
- Medicare data breach exposes personal details of 100,000 Americans
July 12, 2025
Healthcare data continues to be a top target for cybercriminals. In June alone, two major breaches compromised over 13 million patient records. Now, a newly confirmed Medicare data breach has affected more than 100,000 Americans. The Centers for Medicare & Medicaid Services (CMS) sent letters this week to those affected, confirming that hackers accessed sensitive data ...
- Bluetooth security flaws could affect thousands of Mercedes, Volkswagen, Skoda cars
July 11, 2025
Security researchers have discovered four vulnerabilities in the BlueSDK Bluetooth stack which could be chained together for remote code execution (RCE) attacks. This stack is used by multiple vendors across different industries – including car manufacturing giants Mercedes, Volkswagen, and Skoda (and possibly others). In theory, a threat actor could abuse these flaws to connect to ...
- CISA warns hackers are actively exploiting critical ‘Citrix Bleed 2’ security flaw
July 11, 2025
U.S. cybersecurity agency CISA says hackers are actively exploiting a critical-rated security flaw in a widely used Citrix product, and has given other federal government departments just one day to patch their systems. Security researchers have dubbed the bug “Citrix Bleed 2” for its similarity to a 2023 security flaw in Citrix NetScaler, a networking product ...