Operation against Lumma Stealer malware

Event Details

From May 16-21, Microsoft’s Digital Crimes Unit, with U.S. and European authorities, carried out a takedown of the Lumma Stealer infostealer infrastructure. Following a U.S. court order, Microsoft seized and helped block ~2,300 domains used to distribute the Lumma malware. Lumma Stealer (malware-as-a-service) had infected ~394,000 Windows computers globally and was being used by multiple ransomware groups to steal credentials for follow-on attacks. The operation (“Disrupting Lumma”) significantly hampered the malware’s reach, though criminals later attempted to reconstitute their infrastructure.

Date

16/05/2025

Institutions

Ransomware Group

Event Category

Level of Cooperation

Country

🇺🇸 United States
