Articles

Microsoft Takes Legal Action Against Lumma Stealer Malware Infecting 400,000 Devices

Microsoft has filed a legal action to disrupt the operations of Lumma Stealer, an advanced piece of information-stealing malware that has infected nearly 400,000 Windows computers worldwide over the past two months, the company said Wednesday.

The action was led by Microsoft’s Digital Crimes Unit (DCU) and involved a court order from the U.S. District Court for the Northern District of Georgia, enabling the takedown, suspension, and blocking of malicious domains that formed the malware’s core infrastructure.

“The growth and resilience of Lumma Stealer highlight the broader evolution of cybercrime and underscore the need for layered defenses and industry collaboration,” Microsoft said in a blog post.

Malware Capabilities

Lumma Stealer targets a wide range of sensitive user data:

  • Extracts information from web browsers, including saved passwords

  • Harvests credentials from cryptocurrency wallets

  • Installs additional malware on compromised systems

It operates as part of a larger cybercrime-as-a-service network, offering malicious tools to third parties for use in data theft and system compromise.

Federal Action and Domain Seizures

In parallel to Microsoft’s civil action:

  • The U.S. Department of Justice announced the seizure of five internet domains tied to the LummaC2 malware infrastructure

  • The FBI’s Dallas Field Office is leading the ongoing criminal investigation

These efforts aim to disrupt the malware’s operations and prevent further infections globally.

Broader Implications

The Lumma Stealer case highlights growing concerns over modular, stealthy malware strains designed to:

  • Evade detection

  • Monetize stolen data

  • Enable subsequent attacks

Microsoft emphasized the need for:

  • Layered cybersecurity defenses

  • Cross-industry cooperation

  • Judicial interventions to combat evolving digital threats

This case adds to a growing list of Microsoft-led legal and technical takedowns aimed at dismantling global cybercrime infrastructure, including recent actions against Storm botnets and ransomware operators.

FBI Warns AI-Generated Voices Used to Impersonate Senior U.S. Officials in Cyber Campaign

The FBI has issued a public warning that malicious actors are leveraging AI-generated voice messages and text to impersonate senior U.S. government officials, targeting both current and former federal and state officials in a sophisticated social engineering campaign.

According to the FBI’s announcement on Thursday, the aim of the scheme is to:

  • Gain access to personal accounts of government officials

  • Target additional contacts once access is gained

  • Harvest sensitive information or even solicit funds fraudulently

How the Scheme Works:

  • Attackers initiate text message conversations to build rapport with the targets.

  • Once trust is established, they urge the recipient to switch to another platform, often linking to a hacker-controlled website designed to harvest credentials like usernames and passwords.

  • In some cases, attackers use AI-generated voice clips to convincingly impersonate the tone and mannerisms of known officials.

Threat Scope:

The FBI has not disclosed how many individuals have been targeted or whether the actors are financially motivated cybercriminals or state-aligned entities. The use of generative AI makes attribution and detection more difficult, and the agency continues to assess the full scope of the threat.

This follows a December 2024 warning from the FBI regarding the broader use of AI-generated content, including text, audio, images, and video, to commit crimes such as fraud, extortion, and identity theft.

Broader Implications:

The campaign underscores the growing threat of generative AI in cybercrime, particularly in impersonation and phishing-style attacks aimed at high-value targets. Government agencies and private sector organizations are now being urged to:

  • Strengthen multi-factor authentication

  • Train personnel to recognize AI-driven impersonation attempts

  • Avoid clicking on unsolicited links or moving conversations to unknown platforms

As AI tools become more accessible, security experts warn that digital impersonation will become an increasingly common tactic for attackers seeking access to sensitive systems or socially engineered pathways into secure environments.

Google Uncovers New Russian Malware ‘LOSTKEYS’ Linked to Cold River Hacking Group

Google’s Threat Intelligence Group announced Wednesday the discovery of a new malware strain called “LOSTKEYS”, which has been linked to the Russia-based hacking group Cold River, believed to have ties to the Russian Federal Security Service (FSB).

According to Google researcher Wesley Shields, the malware marks a significant expansion in Cold River’s cyber toolkit, with capabilities that include file theft and system reconnaissance, enabling attackers to gather intelligence on high-profile individuals and institutions.

“LOSTKEYS represents a new development in the toolset used by Cold River,” Shields stated in a blog post.

Recent Targeting Activity:

  • Attacks observed in January, March, and April 2025

  • Targets include current and former advisers to Western governments, military personnel, NGOs, journalists, think tanks, and individuals connected to Ukraine

  • Cold River continues to pursue espionage goals in line with Russian strategic interests

Background on Cold River:

Cold River gained notoriety for targeting:

  • Three U.S. nuclear research labs in 2022

  • Private email leaks of former British spymaster Richard Dearlove and other pro-Brexit figures

  • Credential theft campaigns targeting NATO governments and NGOs

The Russian embassy in Washington did not immediately respond to requests for comment.

The revelation underscores ongoing concerns about state-sponsored cyber threats emanating from Russia, particularly amid the ongoing war in Ukraine and heightened geopolitical tensions.