• FBI & CISA issue joint advisory on LummaC2 infostealer targeting critical infrastructure.
• Malware infiltrates networks, exfiltrates sensitive data via spearphishing links and attachments.
• Attackers use fake CAPTCHA to trick users into executing payloads.
• Observed activity spans Nov 2023-May 2025, with latest incidents in May 2025.
• Advisory includes IOCs, MITRE ATT&CK mapping, and mitigation recommendations.
• LummaC2 first appeared for sale on Russian-language cybercriminal forums in 2022.

Article Summaries:

  • Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations
    Summary: The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint advisory to disseminate known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with threat actors deploying the LummaC2 information stealer (infostealer) malware. LummaC2 malware is able to infiltrate victim computer networks and exfiltrate sensitive information, threatening vulnerable individuals’ and organizations’ computer network

Sources: