In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware.
This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Billions of Passwords Offered for $2 in Cyber-Underground
February 8, 2021
A “compilation of many breaches” – COMB for short – has been leaked on the cyber-underground, according to researchers. The so-called COMB contains a staggering 3.27 billion unique combinations of cleartext email addresses and passwords. The trove is an aggregate database that brings together older stolen data from breaches past – including credentials from Netflix, LinkedIn, ...
- Fortinet fixes critical vulnerabilities in SSL VPN and web firewall
February 7, 2021
Fortinet has fixed multiple severe vulnerabilities impacting its products. The vulnerabilities range from Remote Code Execution (RCE) to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products. Multiple advisories published by FortiGuard Labs this month and in January 2021 mention various critical vulnerabilities that Fortinet has ...
- Signal ignores proxy censorship vulnerability, bans researchers
February 7, 2021
Signal, an end-to-end encrypted messaging platform was recently blocked by the Iranian government. To help its users bypass censorship in Iran, the company suggested a TLS proxy workaround. However, multiple researchers have now discovered flaws in the workaround that can let a censor or government authority probe into Signal TLS proxies, rendering these protections moot and potentially ...
- Eletrobras, Copel energy companies hit by ransomware attacks
February 5, 2021
Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utilities companies in Brazil have announced that they suffered ransomware attacks over the past week. State-controlled, both are key players in the country. Copel being the largest in the state of Paraná while Eletrobras is the largest power utility company in Latin America ...
- Cisco warns of critical remote code execution flaws in its small business VPN routers
February 5, 2021
Cisco is warning customers using its small business routers to upgrade the firmware to fix flaws that could give remote attackers root level access to the devices. The critical flaws affect the Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers. These were the models Cisco recommended customers using unsupported small business routers to ...
- Hacking group also used an IE zero-day against security researchers
February 4, 2021
An Internet Explorer zero-day vulnerability has been discovered used in recent North Korean attacks against security and vulnerability researchers. Last month, Google disclosed that the North Korean state-sponsored hacking group known as Lazarus was conducting social engineering attacks against security researchers. To perform their attacks, the threat actors created elaborate online ‘security researcher’ personas that would then ...