In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware.
This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Raindrop Backdoor: New Malware Discovered in SolarWinds Investigation
January 20, 2021
Symantec, a division of Broadcom, has uncovered an additional piece of malware used in the SolarWinds attacks which was used against a select number of victims that were of interest to the attackers. Raindrop (Backdoor.Raindrop) is a loader which delivers a payload of Cobalt Strike. Raindrop is very similar to the already documented Teardrop tool, but ...
- XDR investigation uncovers PlugX, unique technique in APT attack
January 20, 2021
Advanced persistent threats (APT) are known — and are universally dreaded — for their stealth. Actors behind such attacks actively innovate their techniques to evade detection and ensure that they maintain a foothold inside an environment as long as possible. Through the Apex One with Endpoint Sensor (iES), we discovered one such incident wherein an ...
- Bugs in Signal, Facebook, Google chat apps let attackers spy on users
January 20, 2021
Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users’ surroundings without permission before the person on the other end picked up the calls. The logic bugs were found by Google Project Zero security researcher Natalie Silvanovich in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps and are now ...
- Cyberattack fears raise the alarm in Eastern European countries
January 20, 2021
The cyberattacks that targeted multiple US government agencies and companies in recent months have raised the alarm in developing Eastern European countries regarding their own cybersecurity capabilities. During the past year, some of them, like North Macedonia, have already experienced breaches of their state IT systems: last summer, the country had its electoral process disrupted by ...
- A Chinese hacking group is stealing airline passenger details
January 20, 2021
A suspected Chinese hacking group has been attacking the airline industry for the past few years with the goal of obtaining passenger data in order to track the movement of persons of interest. The intrusions have been linked to a threat actor that the cyber-security has been tracking under the name of Chimera. Believed to be operating ...
- Cisco fixes critical pre-auth bugs in SD-WAN, cloud license manager
January 20, 2021
Cisco has released security updates to address pre-auth remote code execution (RCE) vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software. SD-WAN are software products that help manage wide-area networks (WAN) while Smart Software Manager is a cloud-based management solution for Cisco licenses. Unauthenticated attackers can remotely exploit buffer overflow and command injection bugs ...