Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations

Published: 20 May 2025
Categories: US-Computer Emergency Readiness Team

RSS feed source: US Computer Emergency Readiness Team

Summary

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint advisory to disseminate known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with threat actors deploying the LummaC2 information stealer (infostealer) malware. LummaC2 malware is able to infiltrate victim computer networks and exfiltrate sensitive information, threatening vulnerable individuals’ and organizations’ computer networks across multiple U.S. critical infrastructure sectors. According to FBI information and trusted third-party reporting, this activity has been observed as recently as May 2025. The IOCs included in this advisory were associated with LummaC2 malware infections from November 2023 through May 2025.

The FBI and CISA encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of LummaC2 malware.

Download the PDF version of this report:

AA25-141B Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations (PDF, 1.28 MB )

For a downloadable copy of IOCs, see:

AA25-141B STIX XML (XML, 146.54 KB ) AA25-141B STIX JSON (JSON, 300.90 KB ) Technical Details

Note: This advisory uses the MITRE ATT&CK® Matrix for Enterprise framework, version 17. See the MITRE ATT&CK Tactics and Techniques section of this advisory for threat actor activity mapped to MITRE ATT&CK

Click this link to continue reading the article on the source website.

Strengthening American Infrastructure (SAI)

Published: 13 May 2025
Categories: NSF Pgm Announcements

RSS feed source: US Computer Emergency Readiness Team

U.S. National Science Foundation

Directorate for Social, Behavioral and Economic Sciences

Directorate for Biological Sciences

Directorate for Computer and Information Science and Engineering

Directorate for STEM Education

Directorate for Engineering

Directorate for Geosciences

Directorate for Mathematical and Physical Sciences

Office of Integrative Activities

Full Proposal Deadline(s) (due by 5 p.m. submitting organization’s local time):

     April 17, 2025

     March 06, 2026

Important Information And Revision Notes

This revision adds For-profit organizations and Tribal Nations to the types of organizations eligible to submit proposals.

Any proposal submitted in response to this solicitation should be submitted in accordance with the NSF Proposal & Award Policies & Procedures Guide (PAPPG) that is in effect for the relevant due date to which the proposal is being submitted. The NSF PAPPG is regularly revised and it is the responsibility of the proposer to ensure that the proposal meets the requirements specified in this solicitation and

Click this link to continue reading the article on the source website.