Lumma Stealer group doxxing campaign
Campaign
Summary
A targeted underground doxxing campaign has hit the Lumma Stealer ecosystem, exposing alleged core members and disrupting the operation’s communications. Trend Micro said the disclosures were published on Lumma Rats and included passport numbers, bank account information, email addresses, passwords, and links to online profiles tied to five individuals allegedly linked to the operation. The campaign reportedly ran between last August and October 2025, coincided with a compromised Telegram account on September 17, and aligned with a decline in command-and-control activity as users discussed shifting to Vidar and StealC.
Related Happenings
Lazarus Group RemotePE long-term observation campaign against financial and cryptocurrency organizations
Campaign
First: 25.05.2026 12:32
Last: 25.05.2026 12:32
Sources 1
About this happening:
The **Lazarus Group** was tied to a **RemotePE** campaign against **financial and cryptocurrency organizations**, signaling a stealth-focused operation with sustained access risk....
Scattered Spider SMS phishing and SIM-swap crypto theft campaign
Campaign
First: 20.04.2026 16:33
Last: 20.04.2026 16:33
Sources 1
About this happening:
The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...
Anonymous Fénix DDoS and volunteer-recruitment campaign
Campaign
First: 23.02.2026 23:59
Last: 23.02.2026 23:59
Sources 1
About this happening:
**Anonymous Fénix** escalated its **DDoS** campaign by recruiting volunteers, increasing disruption risk for **government and public-institution domains** across **Spain** and par...
Amitoj Kapoor and Siddharth Lillaney federal arrest and indictment for online gambling fraud
Law Enforcement
First: 09.02.2026 13:41
Last: 09.02.2026 13:41
Sources 1
About this happening:
**Amitoj Kapoor** and **Siddharth Lillaney** were **arrested and indicted** in a federal **online gambling fraud** case, escalating their exposure over an alleged **$3 million** s...
Scattered Lapsus Shiny Hunters' harassment-driven extortion operating model
Threat Actor Meta
First: 02.02.2026 18:15
Last: 02.02.2026 18:15
Sources 1
About this happening:
**Scattered Lapsus Shiny Hunters (SLSH)** is now using a **harassment-driven extortion model** that pairs stolen data with swatting, threats, and publicity pressure, raising the s...
Timeline
- 20.10.2025 15:42 · 3 articles · 7mo ago
Lumma Stealer doxxing campaign exposure
Initial Disclosure
Trend Micro reported an underground doxxing campaign targeting the Lumma Stealer group, also tracked as Water Kurita and Storm-2477, in which a website named Lumma Rats published personal and operational details for five alleged core members. The disclosures included social media profiles, financial information, passwords, passport numbers, bank account information, email addresses, and links to online profiles, and they reportedly coincided with a compromised Telegram account and a sharp decline in Lumma Stealer command-and-control activity.
- Lumma Stealer Activity Drops After Doxxing — www.securityweek.com — 20.10.2025 15:42
- Lumma Stealer Developers Doxxed in Underground Rival Cybercrime Campaign — www.infosecurity-magazine.com — 21.10.2025 11:00