In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware.
This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cybersecurity Challenges for the European Railways
February 15, 2021
The European Union Agency for Cybersecurity (ENISA) released in November 2020 its “Cybersecurity in Railways” report to raise awareness about the cybersecurity challenges facing Europe’s railways. The report identifies the current cybersecurity status and challenges as well as proposes cybersecurity measures to combat these challenges and enhance the sector’s security posture. The report is based ...
- France links Russian Sandworm hackers to hosting provider attacks
February 15, 2021
The French national cyber-security agency has linked a series of attacks that resulted in the breach of multiple French IT providers over a span of four years to the Russian-backed Sandworm hacking group. ANSSI (short for Agence Nationale de la Sécurité des Systèmes d’Information) has not been able to determine how the servers were compromised. Therefore, it ...
- DDoS attack takes down EXMO cryptocurrency exchange servers
February 15, 2021
The servers of British cryptocurrency exchange EXMO were taken offline temporarily after being targeted in a distributed denial-of-service (DDoS) attack. “We are currently experiencing a DDoS attack on our platform,” the exchange said in a notification published earlier today. “Please note that the EXMO exchange website is now under the DDoS attack. The servers are temporarily unavailable.” In ...
- Egregor ransomware members arrested by Ukrainian, French police
February 14, 2021
A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests of several members of the Egregor ransomware operation in Ukraine. As reported first by France Inter, on Tuesday, law enforcement made the arrests after French authorities could trace ransom payments to individuals located in Ukraine. The arrested individuals are thought to be ...
- Leading Canadian rental car company hit by DarkSide ransomware
February 13, 2021
Canadian Discount Car and Truck Rentals has been hit with a DarkSide ransomware attack where the hackers claim to have stolen 120GB of data. Discount Car and Truck Rentals is a leading Canadian car and truck rental company with 300 locations throughout Canada. Enterprise Holdings’ Canadian subsidiary acquired the company in 2020. This month, the car rental ...
- mHealth Apps Expose Millions to Cyberattacks
February 12, 2021
Some 23 million mobile health (mHealth) application users are exposed to application programming interface (API) attacks that could expose sensitive information, according to researchers. Generally speaking, APIs are an intermediary between applications that defines how they can talk to one another and allowing them to swap information. Researcher Alissa Knight with Approov tried to break into ...