(TLP:CLEAR) Threat Actors Target U.S. Critical Infrastructure and Exfiltrate Data with LummaC2 Malware

Summary: Yesterday, CISA and the FBI released a joint Cybersecurity Advisory (CSA) detailing the tactics, techniques, and procedures (TTPs), and indicators of compromise (IOCs) linked to threat actors deploying LummaC2 malware. This malware poses a serious threat, capable of infiltrating networks and exfiltrating sensitive information of vulnerable individuals’ and organizations’ computer networks across U.S. critical infrastructure sectors.

Analyst Note: LummaC2 is a type of malware classified as a stealer, designed to extract sensitive data. In 2025 new observations show the stealer continues to evolve and adapt its tactics in order to outsmart modern defenses. This includes enhanced evasion techniques to avoid detection, as well as the exploitation of recent vulnerabilities.

Members are encouraged to review the joint CSA and implement the recommendations in the Mitigations section to reduce the likelihood of impact from the LummaC2 stealer. 

Original Source: https://www.cisa.gov/news-events/alerts/2025/05/21/threat-actors-target-us-critical-infrastructure-lummac2-malware

Additional Reading:

• LummaC2 stealer: Everything you need to know

Related WaterISAC PIRs: 6, 6.1, 8, 10, 10.2, 12