Articles

Microsoft Takes Legal Action Against Lumma Stealer Malware Infecting 400,000 Devices

Microsoft has filed a legal action to disrupt the operations of Lumma Stealer, an advanced piece of information-stealing malware that has infected nearly 400,000 Windows computers worldwide over the past two months, the company said Wednesday.

The action was led by Microsoft’s Digital Crimes Unit (DCU) and involved a court order from the U.S. District Court for the Northern District of Georgia, enabling the takedown, suspension, and blocking of malicious domains that formed the malware’s core infrastructure.

“The growth and resilience of Lumma Stealer highlight the broader evolution of cybercrime and underscore the need for layered defenses and industry collaboration,” Microsoft said in a blog post.

Malware Capabilities

Lumma Stealer targets a wide range of sensitive user data:

  • Extracts information from web browsers, including saved passwords

  • Harvests credentials from cryptocurrency wallets

  • Installs additional malware on compromised systems

It operates as part of a larger cybercrime-as-a-service network, offering malicious tools to third parties for use in data theft and system compromise.

Federal Action and Domain Seizures

In parallel to Microsoft’s civil action:

  • The U.S. Department of Justice announced the seizure of five internet domains tied to the LummaC2 malware infrastructure

  • The FBI’s Dallas Field Office is leading the ongoing criminal investigation

These efforts aim to disrupt the malware’s operations and prevent further infections globally.

Broader Implications

The Lumma Stealer case highlights growing concerns over modular, stealthy malware strains designed to:

  • Evade detection

  • Monetize stolen data

  • Enable subsequent attacks

Microsoft emphasized the need for:

  • Layered cybersecurity defenses

  • Cross-industry cooperation

  • Judicial interventions to combat evolving digital threats

This case adds to a growing list of Microsoft-led legal and technical takedowns aimed at dismantling global cybercrime infrastructure, including recent actions against Storm botnets and ransomware operators.

Meta’s Lawsuit Against NSO Unveils Rare Details of Global Spyware Industry

Meta’s $168 million court victory against Israeli spyware maker NSO Group has not only concluded a protracted six-year legal battle but also offered an unprecedented look into the shadowy world of cyberespionage, where elite surveillance tools come with multimillion-dollar price tags and state-level buyers.

A federal court in California had already ruled NSO liable for unlawfully hacking WhatsApp servers to target users on behalf of foreign intelligence agencies; the jury then awarded Meta both compensatory and punitive damages. The lawsuit, first filed in 2019, became a landmark case for digital privacy advocates and a rare legal showdown against a prominent spyware firm.

Top-Tier Spyware Comes at a High Cost

Testimony revealed that NSO charged European clients about $7 million for access to its spyware platform, which was capable of hacking up to 15 devices simultaneously. For additional capabilities, such as hacking phones outside a client’s national borders, customers paid up to $2 million more, according to Sarit Bizinsky Gil, NSO’s VP of global business operations.

Meta’s attorney Antonio Perez called the software “highly sophisticated” and “extremely expensive,” underscoring the elite and dangerous nature of such tools.

Thousands of Devices Compromised

Between 2018 and 2020, NSO broke into thousands of devices, according to Tamir Gazneli, the company’s VP of R&D. He downplayed the term “spyware,” insisting the tools were used for “intelligence gathering,” not spying on people. In a tense exchange, Perez asked, “You don’t consider the targets people, Mr. Gazneli?”, a question that revealed how NSO distances itself from the ethical weight of its clients’ actions.

U.S. Agencies Paid Millions

Court records showed that the CIA and FBI collectively paid NSO $7.6 million. While prior media reports suggested U.S. involvement, this trial provided the first official financial confirmation, including a CIA-backed spyware purchase for Djibouti and FBI testing efforts.

NSO Continued Hacking During Litigation

Meta alleged that NSO continued to target WhatsApp servers even after the lawsuit was filed, saying the firm poses a “significant threat of ongoing and prospective harm.” Meta is now seeking a permanent injunction to block NSO from accessing its platforms.

This case has not only highlighted the legal vulnerabilities of spyware vendors but also peeled back layers of secrecy surrounding government surveillance contracts, client relationships, and the massive scale of digital intrusions involved.

FBI Investigating Cyberattack at Oracle Involving Patient Data Theft

The FBI is investigating a cyberattack at Oracle that resulted in the theft of patient data, according to a Bloomberg News report. The attack, which took place sometime after January 22, compromised Oracle servers from which the hackers copied patient data to an external location. The attackers are believed to have sought to extort multiple medical providers in the United States.

Oracle, which acquired Cerner Corp. in 2022 for $28 billion, notified its healthcare customers about the breach earlier this month. It remains unclear how many patient records were affected and which healthcare providers were targeted. The breach involved older Cerner servers holding data that had not yet been migrated to Oracle’s cloud storage.

While the FBI has declined to comment, Oracle confirmed it became aware of the breach on February 20. Oracle has not yet responded to further inquiries. The company’s involvement in healthcare IT through its Cerner acquisition has likely increased its exposure to cybersecurity risks in the healthcare sector.