In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware.
This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- PayPal’s “no-code checkout” abused by scammers
February 27, 2025
Malwarebytes Labs recently identified a new scam targeting PayPal customers with very convincing ads and pages. Crooks are abusing both Google and PayPal’s infrastructure in order to trick victims calling for assistance to speak with fraudsters instead. Combining official-looking Google search ads with specially-crafted PayPal pay links, makes this scheme particularly dangerous on mobile devices due ...
- How hackers ruined a Disney employee’s life after he downloaded AI photo tool
February 27, 2025
A former Disney employee’s world was turned upside down when he downloaded an artificial intelligence-powered photo program, unaware that it was laced with hacking software, during a massive data breach at the entertainment giant. In July, Matthew Van Andel, an engineer at Disney at the time, got a message on the chat forum Discord from an ...
- Proof-of-Concept Exploits Released for RSync Vulnerabilities
February 26, 2025
Five vulnerabilities have been discovered within the RSync utility. RSync is a popular tool for transferring and synchronising files between different systems. RSync is commonly used in Unix-like operating systems. CVE-2024-12084 is a ‘heap-based buffer overflow’ vulnerability, with a CVSSv3 score of 9.8. When used alongside CVE-2024-12085, attackers could gain remote code execution (RCE). CVE-2024-12085 is an ...
- Ninth day of pro-Russia cyber attacks on Italian sites
February 25, 2025
A pro-Russian hacker group, Noname057(16), staged for the ninth consecutive morning on Tuesday a new wave of cyberattacks against Italian websites, specifically targeting local administrations. The provinces of Trapani, Ragusa, Caltanissetta, Enna, the municipality of Catania and the Puglia region were among those affected by the attacks. The Agency for National Cybersecurity is providing help to ...
- The GitVenom campaign: cryptocurrency theft using GitHub
February 24, 2025
In our modern world, it’s difficult to underestimate the impact that open-source code has on software development. Over the years, the global community has managed to publish a tremendous number of projects with freely accessible code that can be viewed and enhanced by anyone on the planet. With more and more open-source projects being published, both ...
- F5 Releases Quarterly Security Notification
February 24, 2025
F5 has released an overview of vulnerabilities for some of their networking products, including BIG-IP and BIG-IP Next. The overview of security advisories addresses 13 vulnerabilities rated as high impact, 3 rated as medium impact, and 1 as low impact. One of the high impact advisories concerns the command injection vulnerability CVE-2025-20029, which has a CVSSv4 ...