In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware.
This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Threat Brief: FireEye Red Team Tool Breach
December 10, 2020
On Dec. 8, 2020, one of the leading cybersecurity companies in the industry, FireEye, reported a breach and data exfiltration unlike any that we have seen previously. What makes this attack unique is not only the target, FireEye being a well-known cybersecurity company, but that the stolen data contains the internal, custom-crafted red-team and penetration ...
- The story of the year: remote work
December 10, 2020
The coronavirus pandemic has caused sudden, sweeping change around the world. The necessary social distancing measures are having an impact on all of us. One large part of society that has been affected by these measures more than others is the employed. While direct customer facing businesses like restaurants and retailers have had to change ...
- A Security Guide to IoT-Cloud Convergence
December 10, 2020
The internet of things (IoT) has risen as one solution to the demands that have emerged because of the worldwide pandemic. The IoT, with its key characteristic of minimizing human interaction in performing a myriad of functions, seems a perfect fit in a world of remote setups and social distancing. But it is thanks to ...
- Chinese APT suspected of supply chain attack on Mongolian government agencies
December 10, 2020
A Chinese state-sponsored hacking group, also known as an APT, is suspected of having breached a Mongolian software company and compromised a chat app used by hundreds of Mongolian government agencies. The attack is believed to have taken place earlier this year, in June, according to a report published today by Slovak security firm ESET. The hackers ...
- European Medicines Agency says it has been targeted by cyber attack
December 9, 2020
In a short statement published on its website, the agency said: “EMA has been the subject of a cyberattack. The agency has swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities. “EMA cannot provide additional details whilst the investigation is ongoing. Further information will be made available in due course,” ...
- FireEye reveals that it was hacked by a nation state APT group
December 9, 2020
Leading cybersecurity company FireEye disclosed today that it was hacked by a threat actor showing all the signs of a state-sponsored hacking group. The attackers were able to steal Red Team assessment tools FireEye uses to test customers’ security and designed to mimic tools used by many cyber threat actors. Read more… Source: Bleeping Computer