In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware.
This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- DHS warns of data theft risk when using Chinese products
December 23, 2020
The US Department of Homeland Security (DHS) warned American businesses of the data theft risks behind using equipment and data services provided by companies linked with the People’s Republic of China (PRC). The reason that prompted this business advisory is the need to highlight the PRC government-sponsored data theft risk to all organizations and individuals who ...
- FBI warns of ongoing COVID-19 vaccine related fraud schemes
December 22, 2020
US federal agencies have warned about scammers exploiting the public’s interest in the COVID-19 vaccine to harvest personal information and steal money through multiple ongoing and emerging fraud schemes. The warning was issued earlier today through the FBI National Press Office by the Federal Bureau of Investigation (FBI), the Department of Health and Human Services Office ...
- Holiday Puppy Swindle Has Consumers Howling
December 22, 2020
Puppy photos are undeniably irresistible but beware; researchers have uncovered a scheme selling fake German Shepherd puppies for Bitcoin, leaving buyers crushed and without a tiny fuzzy friend to cuddle on Christmas morning. The scam was discovered by an intrepid researcher at Anomali, who got wind of the fake puppy offer and decided to investigate. Image: ThreatPost Read ...
- Partial lists of organizations infected with Sunburst malware released online
December 21, 2020
Multiple security researchers and research teams have published over the weekend lists ranging from 100 to 280 organizations that installed a trojanized version of the SolarWinds Orion platform and had their internal systems infected with the Sunburst malware. The list includes the names of tech companies, local governments, universities, hospitals, banks, and telecom providers. The biggest names ...
- Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)
December 21, 2020
On Dec. 4, 2020, the Kubernetes Product Security Committee disclosed a new Kubernetes vulnerability assigned CVE-2020-8554. It is a medium severity issue affecting all Kubernetes versions and is currently unpatched. CVE-2020-8554 is a design flaw that allows Kubernetes Services to intercept cluster traffic to any IP address. Users who can manage services can exploit the ...
- The future of cyberconflicts
December 21, 2020
The ever-increasing role of technology in every aspect of our society has turned cybersecurity into a major sovereignty issue for all states. Due to their asymmetrical nature, offensive cyber-capabilities have been embraced by many countries that wouldn’t otherwise have the resources to compete on a military or economic level with the most powerful nations of ...