In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware.
This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Philippines reports foreign cyber intrusions targeting intelligence data, but no breaches
February 18, 2025
The Philippines has detected foreign attempts to access intelligence data, but its cyber minister said on Tuesday no breaches have been recorded so far. Attempts to steal data are wide-ranging, said minister for information and communications Ivan Uy. Advanced Persistent Threats or APTs have repeatedly attempted but failed to infiltrate government systems, suggesting the country’s cyber-defences ...
- StaryDobry ruins New Year’s Eve, delivering miner instead of presents
February 18, 2025
On December 31, cybercriminals launched a mass infection campaign, aiming to exploit reduced vigilance and increased torrent traffic during the holiday season. Kaspersky telemetry detected the attack, which lasted for a month and affected individuals and businesses by distributing the XMRig cryptominer. This previously unidentified actor is targeting users worldwide—including in Russia, Brazil, Germany, Belarus and ...
- 50,000 electronic attacks countered daily by UAE Cybersecurity Council
February 17, 2025
Dr. Mohammed Hamad Al Kuwaiti, Chairman of the UAE Cybersecurity Council, stated that the UAE possesses an advanced cybersecurity system capable of predicting and countering most electronic attacks before they occur. He noted that the average daily cyberattacks on key sectors exceeds 50,000, all of which are proactively deterred and mitigated. In statements to the Emirates ...
- Data breach leaks a whopping 2.7 billion records inclusing smartphone and Wi-Fi info
February 16, 2025
A huge data breach has resulted in the leak of 2.7 billion records belonging to China’s Mars Hydro. The company is involved in indoor growing and hydroponics which is the process of growing plants without soil. The company offers LED grow lights, grow tents, and other products. Because many of the products it offers are controlled ...
- Security updates released for PostgreSQL
February 14, 2025
The PostgreSQL Global Development Group (also known as Postgres) has released an advisory to address a high severity vulnerability in PostgreSQL. PostgreSQL is a relational SQL database management system. CVE-2025-1094 is an ‘improper neutralisation of quoting syntax’ vulnerability with a CVSSv3 score of 8.1. If exploited, a remote unauthenticated attacker could achieve SQL injection via sending ...
- Zacks Investment hit in data breach – 12 million users potentially at risk
February 14, 2025
A report by BleepingComputer cites a thread posted on an underground hacking forum claiming to have breached Zacks in June 2024, gaining sensitive information on 12 million people, including names, usernames, email addresses, postal addresses, and phone numbers. The forum thread contained a small sample, and an offer for the entire batch in exchange for a ...