Lumma Stealer Malware Network Shut Down Following Coordinated Operation 

• One of the most significant and prevalent information-stealing malware threats of recent years was disabled.
• The network behind Lumma Stealer was taken down following a global law enforcement operation.
• Over 900 disabled domains displayed a seizure message signed by Microsoft.

A landmark global operation involving Microsoft, Europol, the U.S. Department of Justice, and Japan’s Cybercrime Control Center has successfully disrupted the Lumma infostealer, also known as Lumma Stealer and LummaC2.  

The takedown operation encompassed a multi-faceted approach. Microsoft’s Digital Crimes Unit secured a US court order authorizing the seizure of approximately 2,300 domains tied to Lumma’s ecosystem, a recent Europol press release said. 

Simultaneously, the U.S. Department of Justice, supported by Europol and Japan’s Cybercrime Control Center, disabled command-and-control (C2) servers and disrupted cybercriminal marketplaces peddling Lumma and its services. 

Key partners such as Cloudflare played a strategic role, blocking server domains and disabling accounts used for domain configuration.

Technically, Lumma Stealer distinguished itself as a preferred infostealer due to its ease of distribution, ability to evade detection, and built-in mechanisms for bypassing security defenses. Victims were frequently targeted through sophisticated phishing campaigns that impersonated reputable services and companies.

Once embedded, the malware siphoned a broad range of sensitive data, often acting as the initial vector for further attacks such as ransomware or lateral movement within targeted networks.

Lumma has been widely leveraged by cybercriminals to extract sensitive data such as login credentials, credit card information, and cryptocurrency wallet details, often in combination with other malware like Vidar and RedLine.

Since its emergence on Russian-language cybercrime forums in 2022, Lumma has rapidly evolved and became the tool of choice for various threat actors, including the notorious Scattered Spider group. 

Recent Microsoft findings indicate that more than 394,000 Windows machines were compromised by Lumma between mid-March and mid-May 2024.

Significantly, Lumma developers have reportedly sought to integrate machine learning to automate sorting of stolen data, marking an ongoing trend toward increasingly sophisticated malware platforms.