In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware.
This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hacker releases Georgia county’s election-related files
October 29, 2020
Hackers on Tuesday released a sample of stolen election-related documents from networks in Hall County, Ga., as part of their efforts to pressure county officials into paying a ransom for control of the files. The Wall Street Journal reported that the batch of files, which were largely administrative and nonsensitive in nature, came as part of ...
- Brooklyn & Vermont hospitals are latest Ryuk ransomware victims
October 29, 2020
Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network are the latest victims of the Ryuk ransomware attack spree covering the healthcare industry across the U.S. Yesterday, the U.S. government hosted an emergency call with stakeholders in the healthcare industry to alert them to an “increased and imminent cybercrime threat to U.S. ...
- Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector
October 29, 2020
On Oct. 28, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) released a joint cybersecurity alert regarding an increased and imminent cybersecurity threat to the U.S. healthcare system. Threat operators have displayed a heightened interest in targeting the healthcare and the public ...
- Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee
October 29, 2020
Domain parking services offer a simple solution for domain owners to monetize their sites’ traffic through third-party advertisements. While domain parking might appear harmless at first glance, parked domains pose significant threats, as they can redirect visitors to malicious or unwanted landing pages or turn entirely malicious at any point in time. We have been detecting ...
- FBI warning: Trickbot and ransomware attackers plan big hit on US hospitals
October 29, 2020
US healthcare providers, already under pressure from the COVID-19 pandemic, have been put on high alert over Trickbot malware and ransomware targeting the sector. The warning over an “imminent cybercrime threat to US hospitals and healthcare providers” comes from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), ...
- Maze ransomware is shutting down its cybercrime operation
October 29, 2020
The Maze cybercrime gang is shutting down its operations after rising to become one of the most prominent players performing ransomware attacks. The Maze ransomware began operating in May 2019 but became more active in November. That’s when the media-savvy operation revolutionized ransomware attacks by introducing a double-extortion tactic. Read more… Source: Bleeping Computer