LummaC2’s Initial Impact Determined at 10 Million Devices
LummaC2, a powerful information-stealing malware, infected around 10 million devices before it was taken down through a global operation involving the FBI and cybersecurity partners. Since emerging in 2022, LummaC2 became one of the most widely used tools in the cybercrime world, allowing criminals to steal data like passwords, credit card numbers, crypto wallets, and personal information from individuals and businesses alike — including major corporations, hospitals, schools, and government agencies.
The malware spread through phishing emails, fake websites, and deceptive downloads, and it was built to evade antivirus and other endpoint security tools. Stolen data was packaged into "logs" and sold on criminal marketplaces, giving other attackers the credentials they needed to launch follow-on intrusions. In 2023 alone, LummaC2 was linked to over $36 million in credit card theft, and the FBI continues to identify additional victims as the investigation proceeds.
Although key parts of LummaC2’s operation were dismantled, officials warn that the threat isn’t completely gone. The group behind it may try to regroup, but law enforcement plans to keep targeting its operations to prevent future attacks. Authorities say the disruption already hurts the group financially and damages its reputation in the cybercrime world — an important step in the ongoing fight against digital threats.
Wireless Provider Experiences Week-Long Disruption
Cellcom, a regional wireless provider in Wisconsin, confirmed that a cyberattack caused a week-long disruption to its voice and text services in Wisconsin and Upper Michigan. The company is working to restore services and says it had emergency plans in place for this kind of situation. Cellcom has brought in outside cybersecurity experts, notified the FBI and state officials, and is making progress toward fully restoring service by the end of the week.
Importantly, Cellcom says the attack targeted part of its network that doesn’t store customer information. There’s no evidence that any personal or financial data was accessed or stolen. While the company has not shared specific details about the attack, the nature of the outage points to a possible ransomware incident, though no group has taken credit for it so far.
Sophos Client Target of Email Bombing Campaign with Follow-up Tactics
A recent cyberattack using the 3AM ransomware targeted a Sophos client in early 2025, combining multiple deceptive tactics to gain access. The attackers overwhelmed the victim with a flood of emails (a tactic called email bombing), then made a phone call pretending to be from the company’s IT department. They even spoofed the real IT phone number to appear more convincing. During the call, the employee was tricked into opening Microsoft Quick Assist, giving the attacker remote access to their computer.
Once inside, the attacker downloaded malicious files from a fake website. These included tools that helped hide their activity: the QEMU emulator and a Windows virtual-machine image with a backdoor already installed. Running their tooling inside that VM meant host-based security products saw only a legitimate QEMU process rather than the malicious activity occurring within it. From that foothold they explored the network, stole administrator credentials, and installed remote management software. Although Sophos' security tools blocked several attempts to spread the attack further, the attackers still managed to steal 868 GB of data and encrypt one system before being stopped.
Sophos says the attack lasted nine days, with the data theft completed in just three. While the worst damage was contained, the incident highlights the growing use of social engineering and legitimate tools in modern cyberattacks. To defend against such threats, Sophos recommends reviewing administrator accounts for weak configurations, using advanced threat detection (XDR-class) tooling, blocking software that has no business need on workstations (such as unapproved remote-access and virtualization tools), and training employees to recognize suspicious emails and unexpected "IT support" calls.
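Two of the signals in this chain are easy to hunt for in telemetry most organizations already collect: a sudden mail flood to one mailbox, and a Quick Assist session followed shortly by a hypervisor launching from a user-writable folder. The script below is an added example written for this newsletter, not Sophos' detection logic or any tool's real rules. It runs over constructed sample events embedded inline; the executable names (QuickAssist.exe, qemu-system-x86_64.exe) and the thresholds are assumptions about what the chain would look like on a Windows endpoint.

```python
"""Detection sketch for the email-bomb -> vishing -> Quick Assist -> QEMU chain.

Constructed offline example: the mail-gateway and process-creation events
below are made up for illustration. Field names are simplified Sysmon-style.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _t(hhmm: str) -> datetime:
    """Helper to build timestamps on one constructed day."""
    return datetime(2025, 2, 3, int(hhmm[:2]), int(hhmm[3:]))


# --- Constructed mail-gateway events: (timestamp, recipient) ---------------
# 'jdoe' receives a burst of 250 messages 3 s apart (the email bomb);
# 'asmith' receives ordinary volume.
MAIL_EVENTS = [(_t("09:00") + timedelta(seconds=3 * i), "jdoe@example.com")
               for i in range(250)]
MAIL_EVENTS += [(_t("09:00") + timedelta(minutes=7 * i), "asmith@example.com")
                for i in range(10)]

# --- Constructed endpoint process-creation events --------------------------
PROCESS_EVENTS = [
    {"ts": _t("09:25"), "host": "WS-042", "user": "jdoe",
     "image": r"C:\Windows\System32\QuickAssist.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"ts": _t("09:41"), "host": "WS-042", "user": "jdoe",
     "image": r"C:\Users\jdoe\Downloads\tools\qemu-system-x86_64.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "qemu-system-x86_64.exe -m 2048 -hda win7.qcow2"},
    # A developer legitimately running QEMU with no prior Quick Assist session.
    {"ts": _t("10:10"), "host": "WS-017", "user": "asmith",
     "image": r"C:\Program Files\qemu\qemu-system-x86_64.exe",
     "parent": r"C:\Windows\explorer.exe"},
]

# Lower-cased image-name fragments treated as hypervisors / remote-help tools.
# Assumed names; extend to match what is actually deployed in your estate.
HYPERVISOR_IMAGES = ("qemu-system-", "qemu-img", "vboxheadless", "vmrun")
REMOTE_HELP_IMAGES = ("quickassist.exe",)


def email_bomb_alerts(events, threshold=100, window=timedelta(minutes=10)):
    """Return {recipient: peak_count} for recipients that received more than
    `threshold` messages inside any sliding `window`."""
    by_rcpt = defaultdict(list)
    for ts, rcpt in events:
        by_rcpt[rcpt].append(ts)
    alerts = {}
    for rcpt, times in by_rcpt.items():
        times.sort()
        q = deque()
        peak = 0
        for ts in times:
            q.append(ts)
            while ts - q[0] > window:      # drop messages older than the window
                q.popleft()
            peak = max(peak, len(q))
        if peak > threshold:
            alerts[rcpt] = peak
    return alerts


def quick_assist_then_hypervisor(events, window=timedelta(hours=2)):
    """Per (host, user), flag a hypervisor launched within `window` after a
    Quick Assist session. Records whether the binary ran from a user-writable
    path, which is the suspicious variant (attacker-dropped, not deployed)."""
    last_assist = {}
    hits = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["host"], e["user"])
        image = e["image"].lower()
        name = image.rsplit("\\", 1)[-1]
        if name in REMOTE_HELP_IMAGES:
            last_assist[key] = e["ts"]
            continue
        if any(frag in name for frag in HYPERVISOR_IMAGES):
            start = last_assist.get(key)
            if start is not None and e["ts"] - start <= window:
                delta = e["ts"] - start
                hits.append({
                    "host": e["host"],
                    "user": e["user"],
                    "image": e["image"],
                    "user_writable": "\\users\\" in image,
                    "minutes_after_assist": int(delta.total_seconds() // 60),
                })
    return hits


if __name__ == "__main__":
    print("email bomb:", email_bomb_alerts(MAIL_EVENTS))
    for h in quick_assist_then_hypervisor(PROCESS_EVENTS):
        print("assist->hypervisor:", h)
```

On the constructed data the first function flags only jdoe's mailbox, and the second flags only WS-042, where QEMU ran from the user's Downloads folder minutes after Quick Assist; the developer on WS-017 is not flagged because there was no preceding remote-help session. In a real deployment the mail alert should also page the help desk, since the point of the email bomb is to make the follow-up "IT" call believable.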
Defensible Strategies
Learn from those who have been attacked
Security News Site KrebsOnSecurity Target of DDoS Attack
KrebsOnSecurity, a cybersecurity news site, was recently hit with a distributed denial-of-service attack that peaked at roughly 6.3 terabits per second, one of the largest ever recorded. The brief but powerful assault was likely a test run by a new botnet called Aisuru, which hijacks Internet-connected devices such as routers and cameras to carry out large-scale attacks. Aisuru builds on earlier IoT malware like Mirai, which disrupted major parts of the internet in 2016. Google, which currently protects KrebsOnSecurity through its Project Shield service, confirmed this was the largest attack it has ever mitigated.
The Aisuru botnet is controlled by a group that sells access to its attack power through Telegram channels. A known figure behind the operation is a 21-year-old from Brazil who goes by the name Forky. He has a long history with DDoS-for-hire services and also runs a business called Botshield, which claims to provide DDoS protection but appears linked to other shady cyber activities. While Forky denies responsibility for the recent attack, he admitted to helping build and market the Aisuru botnet, and has been publicly active in promoting related services.
Experts say this new botnet is especially dangerous because of its use of previously unknown software vulnerabilities and its ability to fly under the radar. There are concerns that unless the Aisuru source code is leaked or its methods are exposed, its creators will continue to dominate the DDoS scene. Ironically, some believe a public release of its code could weaken it by encouraging competition and fragmentation — just as happened with Mirai — making future attacks easier to stop.
UK Financial Institutions Give Insight into Compliance Fatigue
A new study shows that nearly half of UK financial institutions view compliance as their biggest cybersecurity challenge. As regulations become more complex and international in scope, companies are struggling to keep up with multiple laws across different countries. While compliance is meant to improve security, an overwhelming focus on checklists and paperwork can weaken a company's overall cybersecurity posture.
This “compliance fatigue” can lead to serious security gaps, such as delayed software updates, slower responses to cyber incidents, and reduced monitoring of third-party vendors. With limited staff and resources, many companies are pulled away from essential security tasks just to meet regulatory deadlines. As more rules are added—like the UK's Data Protection Act, the Cyber Resilience Bill, and the EU's Digital Operational Resilience Act—companies are feeling stretched thin trying to stay compliant across multiple frameworks.
To manage this growing burden, the article suggests using automated, AI-powered tools that streamline compliance tasks. For example, Fortra offers solutions for protecting email, preventing data leaks, classifying sensitive information, and continuously monitoring for suspicious activity. By automating these processes, companies can focus more on actual security rather than just meeting regulatory demands, helping them stay protected and compliant in an increasingly complex digital environment.