In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware.
This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Vyveva: Lazarus hacking group’s latest weapon strikes South African freight
April 8, 2021
Researchers have discovered a new backdoor employed by the Lazarus hacking group in targeted attacks against the freight industry. On Thursday, ESET said the new backdoor malware, dubbed Vyveva, was traced in an attack against a South African freight and logistics firm. While the initial attack vector for deploying the malware is not yet known, examining machines ...
- Google Chrome blocks port 10080 to stop NAT Slipstreaming attacks
April 8, 2021
Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks. Last year, security researcher Samy Kamkar disclosed a new version of the NAT Slipstreaming vulnerability that allows scripts on malicious websites to bypass visitors’ NAT firewall and gain access to ...
- New wormable Android malware poses as Netflix to hijack WhatsApp sessions
April 7, 2021
A new variant of Android malware has been discovered in an app on Google Play that entices users by promising free Netflix subscriptions. On Wednesday, Check Point Research (CPR) said the “wormable” mobile malware was discovered in the Google Play Store, the official repository for Android apps. The malicious software, dubbed “FlixOnline,” disguises itself as a ...
- New Cring ransomware hits unpatched Fortinet VPN devices
April 7, 2021
A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies’ networks. Cring ransomware (also known as Crypt3r, Vjiszy1lo, Ghost, Phantom) was discovered by Amigo_A in January and spotted by the CSIRT team of Swiss telecommunications provider Swisscom. The Cring operators drop customized Mimikatz ...
- Man jailed for trying to buy chemical weapon online able to kill ‘hundreds’ of people
April 7, 2021
A man has been jailed for trying to buy a chemical weapon online capable of killing “hundreds” of people. On Tuesday, the US Department of Justice (DoJ) announced that Jason William Siesser, a resident of Missouri, will spend 12 years behind bars in federal prison without the possibility of parole. The 46-year-old tried to buy two and ...
- New survey report released: The state of industrial cybersecurity (Part 2)
April 6, 2021
This article is a second part of our three-part blog series, explaining the result of Trend Micro’s latest survey about industrial cybersecurity. The previous post showed the result of this survey- most IT and OT people recognize the biggest challenge is technology rather than people and process. We also found some gaps of awareness between ...