Water Kurita is a financially motivated cybercriminal entity associated with the Lumma Stealer infostealer-as-a-service operation, primarily active on underground forums and marketplaces. It focuses on credential and information theft at scale, monetizing access via subscription-based malware distribution and resale of stolen data to other actors. The group demonstrates solid operational security and marketing tactics typical of mature MaaS ecosystems, although a 2025 doxxing campaign exposing alleged core members (personal and financial data) significantly disrupted its activity and drove customers toward competing infostealers.
References
Actor metadata imported from Malpedia (Fraunhofer FKIE).