| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Water Kurita is a financially motivated cybercriminal entity associated with the Lumma Stealer infostealer-as-a-service operation, primarily active on underground forums and marketplaces. It focuses on credential and information theft at scale, monetizing access via subscription-based malware distribution and resale of stolen data to other actors. The group demonstrates solid operational security and marketing tactics typical of mature MaaS ecosystems, although a 2025 doxxing campaign exposing alleged core members (personal and financial data) significantly disrupted its activity and drove customers toward competing infostealers.
There are currently no families associated with this actor.
| 2025-11-13
⋅
Trend Micro
⋅
Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics Lumma Stealer Water Kurita |
| 2025-10-16
⋅
Trendmicro
⋅
Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing Lumma Stealer Water Kurita |
| 2025-03-22
⋅
Trend Micro
⋅
Back to Business: Lumma Stealer Returns with Stealthier Methods Lumma Stealer Water Kurita |
| 2025-03-11
⋅
Trend Micro
⋅
AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution Lumma Stealer SmartLoader Water Kurita |