Lumma Stealer group doxxing campaign
Campaign
Summary
Hide ▲
Show ▼
A targeted underground doxxing campaign has hit the Lumma Stealer ecosystem, exposing alleged core members and disrupting the operation’s communications. Trend Micro said the disclosures were published on Lumma Rats and included passport numbers, bank account information, email addresses, passwords, and links to online profiles tied to five individuals allegedly linked to the operation. The campaign reportedly ran between last August and October 2025, coincided with a compromised Telegram account on September 17, and aligned with a decline in command-and-control activity as users discussed shifting to Vidar and StealC.
Related Happenings
Outsider Telegram-run smishing campaign targeting Americans
Campaign
H score53
First: 12.06.2026 21:59
Last: 12.06.2026 21:59
Sources 1
About this happening:
The **Outsider Enterprise** happening is a **phishing-as-a-service** campaign tied to a **Chinese cybercrime network** that used **AI** and distributed phishing kits to impersonat...
Outsider Telegram-run smishing campaign targeting Americans
CampaignAbout this happening: The **Outsider Enterprise** happening is a **phishing-as-a-service** campaign tied to a **Chinese cybercrime network** that used **AI** and distributed phishing kits to impersonat...
Latest development: 14.06.2026 17:36
The FBI, working with Google and Black Lotus Labs, dismantled Outsider Enterprise, a Chinese phishing-as-a-service operation that used AI and distributed phishing kits to impersonate trusted brands in texts sent through AT&T, T-Mobile and Verizon. The takedown included seizures of administration servers, a Shopify e-commerce storefront, a testing account, around $100,000 USDT and a Telegram bot linked to the service, while Google pursued civil action and coordinated with carriers to block fraudulent messages.
AudiA6 laundering ecosystem and Dark2Web forum
Threat Actor Meta
H score31
First: 11.06.2026 18:55
Last: 11.06.2026 18:55
Sources 1
About this happening:
**AudiA6** was disrupted as an **industrial-scale cryptocurrency laundering service** used by **ransomware gangs** and other cybercriminal networks. Europol said the ecosystem lau...
AudiA6 laundering ecosystem and Dark2Web forum
Threat Actor MetaAbout this happening: **AudiA6** was disrupted as an **industrial-scale cryptocurrency laundering service** used by **ransomware gangs** and other cybercriminal networks. Europol said the ecosystem lau...
Lazarus Group RemotePE long-term observation campaign against financial and cryptocurrency organizations
Campaign
H score38
First: 25.05.2026 12:32
Last: 25.05.2026 12:32
Sources 1
About this happening:
The **Lazarus Group** was tied to a **RemotePE** campaign against **financial and cryptocurrency organizations**, signaling a stealth-focused operation with sustained access risk....
Lazarus Group RemotePE long-term observation campaign against financial and cryptocurrency organizations
CampaignAbout this happening: The **Lazarus Group** was tied to a **RemotePE** campaign against **financial and cryptocurrency organizations**, signaling a stealth-focused operation with sustained access risk....
Scattered Spider SMS phishing and SIM-swap crypto theft campaign
Campaign
H score53
First: 20.04.2026 16:33
Last: 20.04.2026 16:33
Sources 1
About this happening:
The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...
Scattered Spider SMS phishing and SIM-swap crypto theft campaign
CampaignAbout this happening: The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...
Anonymous Fénix DDoS and volunteer-recruitment campaign
Campaign
H score29
First: 23.02.2026 23:59
Last: 23.02.2026 23:59
Sources 1
About this happening:
**Anonymous Fénix** escalated its **DDoS** campaign by recruiting volunteers, increasing disruption risk for **government and public-institution domains** across **Spain** and par...
Anonymous Fénix DDoS and volunteer-recruitment campaign
CampaignAbout this happening: **Anonymous Fénix** escalated its **DDoS** campaign by recruiting volunteers, increasing disruption risk for **government and public-institution domains** across **Spain** and par...
Timeline
-
20.10.2025 15:42 3 articles · 8mo ago
Lumma Stealer doxxing campaign exposure
Initial DisclosureTrend Micro reported an underground doxxing campaign targeting the Lumma Stealer group, also tracked as Water Kurita and Storm-2477, in which a website named Lumma Rats published personal and operational details for five alleged core members. The disclosures included social media profiles, financial information, passwords, passport numbers, bank account information, email addresses, and links to online profiles, and they reportedly coincided with a compromised Telegram account and a sharp decline in Lumma Stealer command-and-control activity.
Show sources
- Lumma Stealer Activity Drops After Doxxing — www.securityweek.com — 20.10.2025 15:42
- Lumma Stealer Activity Drops After Doxxing — www.securityweek.com — 20.10.2025 15:42
- Lumma Stealer Developers Doxxed in Underground Rival Cybercrime Campaign — www.infosecurity-magazine.com — 21.10.2025 11:00