In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware.
This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Billions of devices vulnerable to new ‘BLESA’ Bluetooth security flaw
September 15, 2020
Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer. Named BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol. BLE is a slimmer version of the original Bluetooth (Classic) standard but designed to ...
- Surge in DDoS attacks targeting education and academic sector
September 15, 2020
As education institutions across the world moved to online learning, cyber threat disruptions have amplified more than ever. Malware, vulnerability exploits, distributed denial-of-service (DDoS), phishing attacks have all struck this sector, increasing in frequency over the past two months. As schools in the U.S. restarted in remote learning mode, cybersecurity companies noticed a surge in DDoS ...
- Windows 10 ‘Finger’ command can be abused to download or steal files
September 15, 2020
The list of native executables in Windows that can download or run malicious code keeps growing as another one has been reported recently. These are known as living-off-the-land binaries (LoLBins) and can help attackers bypass security controls to fetch malware without triggering a security alert on the system. The latest addition is finger.exe, a command that ships ...
- MITRE releases emulation plan for FIN6 hacking group, more to follow
September 15, 2020
MITRE and cyber-security industry partners have launched a new project that promises to offer free emulation plans that mimic today’s biggest hacking groups in order to help train security teams to defend their networks. Named the Adversary Emulation Library, the project is the work of the MITRE Engenuity’s Center for Threat-Informed Defense. The project, hosted on GitHub, ...
- Windows Exploit Released For Microsoft ‘Zerologon’ Flaw
September 15, 2020
Proof-of-concept (PoC) exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies’ Active Directory domain controllers (DCs). The vulnerability, dubbed “Zerologon,” is a privilege-escalation glitch (CVE-2020-1472) with a CVSS score of 10 out of 10, making it critical in severity. The ...
- QR Codes Serve Up a Menu of Security Concerns
September 15, 2020
Quick Response (QR) codes are booming in popularity and hackers are flocking to exploit the trend. Worse, according to a new study, people are mostly ignorant to how QR codes can be easily abused to launch digital attacks. The reason QR code use is skyrocketing is tied to more brick-and-mortar businesses are forgoing paper brochures, menus ...