In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware.
This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Windows PsExec zero-day vulnerability gets a free micropatch
January 7, 2021
A free micropatch fixing a local privilege escalation (LPE) vulnerability in Microsoft’s Windows PsExec management tool is now available through the 0patch platform. PsExec is a fully interactive telnet-replacement that allows system admins to execute programs on remote systems. PsExec tool is also integrated into and used by enterprise tools to remotely launch executables on other ...
- North Korean hackers launch RokRat Trojan in campaigns against the South
January 7, 2021
A North Korean hacking group is utilizing the RokRat Trojan in a fresh wave of campaigns against the South Korean government. The Remote Access Trojan (RAT) has been connected to attacks based on the exploit of a Korean language word processor commonly used in South Korea for several years; specifically, the compromise of Hangul Office documents ...
- Ryuk gang estimated to have made more than $150 million from ransomware attacks
January 7, 2021
The operators of the Ryuk ransomware are believed to have earned more than $150 million worth of Bitcoin from ransom payments following intrusions at companies all over the world. In a joint report published today, threat intel company Advanced Intelligence and cybersecurity firm HYAS said they tracked payments to 61 Bitcoin addresses previously attributed and linked ...
- Expanding Range and Improving Speed: A RansomExx Approach
January 6, 2021
RansomExx, a ransomware variant responsible for several high-profile attacks in 2020, has shown signs of further development and unhampered activity. The most recently reported development involves the use of newer variants adapted for Linux servers that effectively expanded its range to more than Windows servers. Own monitoring efforts found RansomExx compromising companies in the United States, ...
- CISA Update: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
January 6, 2021
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat ...
- JetBrains denies being involved in SolarWinds hack
January 6, 2021
Czech software development firm JetBrains published a statement today denying reports from the New York Times and the Wall Street Journal claiming that JetBrains is under investigation for possibly being involved in the SolarWinds hack that impacted thousands of companies across the globe. The reports, citing government sources, said that US officials are looking at a ...