In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware.
This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations
October 21, 2025
Back in 2024, Kaspersky researchers gave a brief description of a complex cyberespionage campaign that we dubbed “PassiveNeuron”. This campaign involved compromising the servers of government organizations with previously unknown APT implants, named “Neursite” and “NeuralExecutor”. However, since its discovery, the PassiveNeuron campaign has been shrouded in mystery. For instance, it remained unclear how the implants ...
- The Golden Scale: Notable Threat Updates and Looking Ahead
October 20, 2025
Palo Alto Unit 42 recently published an Insights piece “The Golden Scale: Bling Libra and the Evolving Extortion Economy,” which primarily focused on the Salesforce data theft extortion activity. This was associated with the cybercriminal syndicate known as Scattered LAPSUS$ Hunters. Since early October 2025, the researchers have observed several notable developments within a Telegram channel ...
- China accuses US of cyber breaches at national time centre
October 20, 2025
China has accused the U.S. of stealing secrets and infiltrating the country’s national time centre, warning that serious breaches could have disrupted communication networks, financial systems, the power supply and the international standard time. The U.S. National Security Agency has been carrying out a cyberattack operation on the National Time Service Center over an extended period ...
- UK MoD investigating claims Russian hackers stole files on RAF and Navy bases
October 19, 2025
The Ministry of Defence is investigating claims that Russian hackers have stolen hundreds of sensitive military documents and published them on the dark web. The files hold details of eight RAF and Royal Navy bases as well as Ministry of Defence staff names and emails, The Mail On Sunday reported. Cybercriminals accessed the cache of files ...
- Tracking Malware and Attack Expansion: A Hacker Group’s Journey across Asia
October 17, 2025
In January 2025, FortiGuard Labs observed Winos 4.0 attacks targeting users in Taiwan. In February, it became clear the actor had changed malware families and expanded operations. What first appeared isolated was part of a broader campaign that shifted from Mainland China to Taiwan, then Japan, and most recently Malaysia. This article examines the methodologies employed ...
- Post-exploitation framework now also delivered via npm
October 17, 2025
The first version of the AdaptixC2 post-exploitation framework, which can be considered an alternative to the well-known Cobalt Strike, was made publicly available in early 2025. In spring of 2025, the framework was first observed being used for malicious means. In October 2025, Kaspersky experts found that the npm ecosystem contained a malicious package with a ...