In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware.
This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New botnet unleashes record-breaking DDoS attacks
March 7, 2025
A new botnet dubbed “Eleven11bot” has emerged, delivering what security researchers believe are the largest distributed denial-of-service (DDoS) attacks ever recorded. The botnet, primarily composed of compromised webcams and video recorders, has triggered widespread service disruptions and ignited a debate within the cybersecurity community about its true size. Nokia’s Deepfield Emergency Response Team first detected the ...
- Cisco Releases Security Advisory for Secure Client
March 6, 2025
Cisco has released a security advisory to address a vulnerability in its Secure Client for Windows. Secure Client is Cisco’s endpoint virtual private network (VPN) solution. CVE-2025-20206 has a CVSSv3 score of 7.1 and if exploited could allow an authenticated, local attacker to achieve arbitrary code execution (ACE) on the affected machine with SYSTEM privileges via ...
- Trojans disguised as AI: cybercriminals exploit DeepSeek’s popularity
March 6, 2025
Among the most significant events in the AI world in early 2025 was the release of DeepSeek-R1 – a powerful reasoning large language model (LLM) with open weights. It’s available both for local use and as a free service. Since DeepSeek was the first service to offer access to a reasoning LLM to a wide ...
- Russian crypto exchange Garantex seized by law enforcement operation
March 6, 2025
The U.S. Secret Service, working with a coalition of international law enforcement agencies, has taken down and seized the website of Garantex, a Russian cryptocurrency exchange accused of being associated with darknet markets and ransomware hackers. On Thursday, the official Garantex website was replaced with a notice saying the exchange’s domain has been seized by the ...
- Hacked health firm HCRG demanded journalist ‘take down’ data breach reporting, citing UK court order
March 6, 2025
A U.S.-based independent cybersecurity journalist has declined to comply with a U.K. court-ordered injunction that was sought following their reporting on a recent cyberattack at U.K. private healthcare giant HCRG. Law firm Pinsent Masons, which served the February 28 court order on behalf of HCRG, demanded that DataBreaches.net “take down” two articles that referenced the ransomware ...
- Unpacking a B2B Business Email Compromise (BEC) Scenario
March 5, 2025
When an organization is subject to a Business Email Compromise (BEC), a single email could result in substantial monetary losses. Threat actors employing such tactics could employ different techniques, ranging from simple to advanced, and have seen increased activities yearly. A recent investigation examined not a typical BEC scenario where a threat actor simply sends a ...