Information

The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies 22 May 2025 A global disruption operation has dealt a significant blow to Lumma Stealer, one of the most prolific malware-as-a-service (MaaS) operations. The disruption effort, led by Microsoft and involving technical analysis by ESET researchers, targeted the infostealer’s infrastructure, including all known C&C servers from the past year, and…

Read More

As announced by the US Department of Justice – the FBI and US DoD’s Defense Criminal Investigative Service (DCIS) have managed to disrupt the infrastructure of the notorious infostealer, Danabot. ESET is one of the many cybersecurity companies to participate in this long-term endeavor, becoming involved back in 2018. Our contribution included providing technical analyses of the malware and its backend infrastructure, as well as identifying Danabot’s C&C servers. The joint takedown effort also led…

Read More

ESET has collaborated with Microsoft, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry in a global disruption operation against Lumma Stealer, an infamous malware-as-a-service (MaaS) infostealer. The operation targeted Lumma Stealer infrastructure with all known C&C servers in the past year, rendering the exfiltration network, or a large part of it, nonoperational. Key points of this blogpost: ESET took part in a coordinated global operation to disrupt Lumma Stealer. ESET provided technical analysis and statistical information,…

Read More

ESET Chief Security Evangelist Tony Anscombe highlights key findings from the latest issue of the ESET APT Activity Report 19 May 2025 Today, the ESET research team released its latest issue of the APT Activity Report that details the operations of some of the world’s most notorious nation state-affiliated hacking collectives from October 2024 to March 2025. Their analysis reveals sustained efforts by advanced threat actors targeting a broad array of geographies and industry sectors,…

Read More

ESET APT Activity Report Q4 2024–Q1 2025 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from October 2024 until the end of March 2025. The highlighted operations are representative of the broader landscape of threats we investigated during this period, illustrating the key trends and developments, and contain only a fraction of the cybersecurity intelligence data provided to customers of ESET’s private APT reports. During the monitored…

Read More

Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU 15 May 2025 ESET researchers have discovered a cyberespionage operation that abuses cross-site scripting (XSS) vulnerabilities, including a zero-day XSS flaw in MDaemon webmail software, to steal confidential information from specific email accounts belonging to officials working for various governmental organizations in Ukraine and defense contractors in Europe and on other…

Read More

This blogpost introduces an operation that we named RoundPress, targeting high-value webmail servers with XSS vulnerabilities, and that we assess with medium confidence is run by the Sednit cyberespionage group. The ultimate goal of this operation is to steal confidential data from specific email accounts. Key points of this blogpost: In Operation RoundPress, the compromise vector is a spearphishing email leveraging an XSS vulnerability to inject malicious JavaScript code into the victim’s webmail page. In…

Read More