Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations
ID: 831bf8b4-18ea-5546-8842-29827527f2c7
STIX ID: report--831bf8b4-18ea-5546-8842-29827527f2c7
Feed Name: CISA Cybersecurity Advisories
**Executive Summary:** The FBI and CISA advisory documents LummaC2, an actively observed infostealer (Nov 2023–May 2025) distributed via spearphishing and spoofed software. The malware runs primarily in memory, decrypts its C2 domains, and receives JSON commands to steal browser data, credentials, cryptocurrency wallets, and MFA details. The advisory provides extensive IOCs (file hashes, DLL names, and domains) plus mitigation and detection recommendations.
