Article Details
Scrape Timestamp (UTC): 2025-06-02 01:25:30.184
Source: https://www.theregister.com/2025/06/02/security_news_roundup/
Original Article Text
Lumma infostealer takedown may have inflicted only a flesh wound as crew keeps pinching and selling data. PLUS: Ransomware gang using tech support scam; Czechia accuses China of infrastructure attack; and more!

Infosec In Brief Despite last week's FBI announcement that it helped to take down the crew behind the Lumma infostealer, the malware continues to operate. Researchers from Check Point Research said last Thursday that the group's command and control servers remain operational, the quantity of stolen information attributed to Lumma continues to grow, and the cybercrime markets that sell stolen data are still hawking it.

"Check Point Research observed significant efforts by the Lumma developer to fully reinstate its infostealer activities and conduct business as usual," the researchers noted.

Check Point's researchers also noted that the law enforcement action has prompted discussions on cybercrime forums in which participants express uncertainty about Lumma's future. With the operation's technical capabilities hobbled but not destroyed, Check Point says the takedown's lasting effect may depend largely on that psychological damage rather than on the infrastructure seizures. "Attempts to sow distrust among Lumma's affiliates and customers may not be as easily overcome," Check Point believes.

Prague accuses China of long-running infrastructure attack

The government of the Czech Republic has accused Chinese hackers of infiltrating a communications system belonging to its Ministry of Foreign Affairs and has called on Beijing to stop. Prague says it has a "high degree of certainty" that China's APT31 cyber espionage group ran the campaign, which began in 2022.

"We call on the People's Republic of China to adhere to these commitments and principles, refrain from similar attacks, and take appropriate measures in light of this situation," the Czech government said.

APT31 has often attacked government networks, with campaigns targeting the USA and, sometimes, Russia. Unsurprisingly, China has denied the allegations, calling them "groundless" and noting that China does not support or tolerate hackers.

Lawyers warned of targeted phishing campaign

The FBI last week warned US law firms about a phone-based phishing campaign that aims to steal sensitive legal documents and ransom them back to their owners. According to an FBI notice [PDF], the Feds think the Silent Ransom Group (SRG), a.k.a. Luna Moth and Chatty Spider, is behind the attack. The crew has targeted law firms before, but this campaign uses a new method of attack.

Since March 2025, SRG has called law firms and posed as employees of the firm's own IT department. The callers ask for remote access to the victim's machine in order to carry out some vaguely described IT work that will supposedly take hours to complete. The criminals spend that time exfiltrating files, which they then ransom back to the victim. Law firms are attractive targets because of the sensitive nature of the data they hold.

The attack leaves minimal traces, the FBI noted, because SRG uses legitimate remote access tools rather than malware. That also means signature-based endpoint alerts are unlikely to fire; the practical controls are restricting which remote support tools are permitted to run and verifying any unsolicited "IT department" call through a known-good channel before granting access.

White House chief of staff allegedly impersonated by AI

A couple of weeks ago we reported that a "senior US official" may have been deepfaked by fraudsters. Now, a report suggests the victim may have been White House chief of staff Susie Wiles.

The Wall Street Journal last week reported that prominent Republican politicians and business executives have received calls from "Wiles" asking for things like a list of people Trump could pardon, or simply a cash transfer. Robo-Wiles was reportedly sending texts and making calls, and the voice on the line reportedly sounded like hers, leading officials to suspect AI deepfakes are involved. The Journal reported that whoever is running this campaign had access to the contacts stored in Wiles' cellphone. There is no word on how the perpetrators obtained those records.

"The White House takes the cybersecurity of all staff very seriously, and this matter continues to be investigated," a White House spokesperson told the WSJ. The involvement of a foreign nation is not suspected.
Daily Brief Summary
Despite an FBI-led takedown attempt, the Lumma infostealer malware continues its operations, with command and control servers still active.
Check Point Research highlights that Lumma's data theft activities are not only persisting but expanding, fueling cybercrime markets.
Check Point suggests the takedown's lasting impact may depend less on the infrastructure seizures than on the distrust it has sown among Lumma's affiliates and customers.
The Czech government has accused China's APT31 of a prolonged espionage campaign against its Ministry of Foreign Affairs, dating back to 2022, and has called on Beijing to stop such attacks; China denies the allegations.
The FBI alerts U.S. law firms to a new tactic by the Silent Ransom Group, which involves phone calls from fake IT staff, legitimate remote access tools, and exfiltration of sensitive documents for ransom.
Reports indicate that an AI impersonation of the White House Chief of Staff has been used to solicit funds and privileged information from senior figures.
The White House says it takes staff cybersecurity seriously, is continuing to investigate the impersonation of its chief of staff, and does not suspect a foreign nation is involved.