Find notable cyber news and cases, enriched with sources, timelines, and signals.

Lumma Stealer group doxxing campaign

Campaign
First reported
Last updated
Happening score
H score 36
2 unique sources, 2 articles

Summary

Hide ▲

A targeted underground doxxing campaign has hit the Lumma Stealer ecosystem, exposing alleged core members and disrupting the operation’s communications. Trend Micro said the disclosures were published on Lumma Rats and included passport numbers, bank account information, email addresses, passwords, and links to online profiles tied to five individuals allegedly linked to the operation. The campaign reportedly ran between last August and October 2025, coincided with a compromised Telegram account on September 17, and aligned with a decline in command-and-control activity as users discussed shifting to Vidar and StealC.

Related Happenings

Outsider Telegram-run smishing campaign targeting Americans

Campaign
H score53 First: 12.06.2026 21:59 Last: 12.06.2026 21:59 Sources 1

About this happening: The **Outsider Enterprise** happening is a **phishing-as-a-service** campaign tied to a **Chinese cybercrime network** that used **AI** and distributed phishing kits to impersonat...

Latest development: 14.06.2026 17:36

The FBI, working with Google and Black Lotus Labs, dismantled Outsider Enterprise, a Chinese phishing-as-a-service operation that used AI and distributed phishing kits to impersonate trusted brands in texts sent through AT&T, T-Mobile and Verizon. The takedown included seizures of administration servers, a Shopify e-commerce storefront, a testing account, around $100,000 USDT and a Telegram bot linked to the service, while Google pursued civil action and coordinated with carriers to block fraudulent messages.

AudiA6 laundering ecosystem and Dark2Web forum

Threat Actor Meta
H score31 First: 11.06.2026 18:55 Last: 11.06.2026 18:55 Sources 1

About this happening: **AudiA6** was disrupted as an **industrial-scale cryptocurrency laundering service** used by **ransomware gangs** and other cybercriminal networks. Europol said the ecosystem lau...

Lazarus Group RemotePE long-term observation campaign against financial and cryptocurrency organizations

Campaign
H score38 First: 25.05.2026 12:32 Last: 25.05.2026 12:32 Sources 1

About this happening: The **Lazarus Group** was tied to a **RemotePE** campaign against **financial and cryptocurrency organizations**, signaling a stealth-focused operation with sustained access risk....

Scattered Spider SMS phishing and SIM-swap crypto theft campaign

Campaign
H score53 First: 20.04.2026 16:33 Last: 20.04.2026 16:33 Sources 1

About this happening: The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...

Anonymous Fénix DDoS and volunteer-recruitment campaign

Campaign
H score29 First: 23.02.2026 23:59 Last: 23.02.2026 23:59 Sources 1

About this happening: **Anonymous Fénix** escalated its **DDoS** campaign by recruiting volunteers, increasing disruption risk for **government and public-institution domains** across **Spain** and par...

Timeline

  1. 20.10.2025 15:42 3 articles · 8mo ago

    Lumma Stealer doxxing campaign exposure

    Initial Disclosure

    Trend Micro reported an underground doxxing campaign targeting the Lumma Stealer group, also tracked as Water Kurita and Storm-2477, in which a website named Lumma Rats published personal and operational details for five alleged core members. The disclosures included social media profiles, financial information, passwords, passport numbers, bank account information, email addresses, and links to online profiles, and they reportedly coincided with a compromised Telegram account and a sharp decline in Lumma Stealer command-and-control activity.

    Show sources