Global Crackdown Hits Lumma Stealer Malware Network

Microsoft, working with international law enforcement agencies such as Europol, the U.S. Department of Justice, and Japan’s Cybercrime Control Center, has disrupted the Lumma Stealer malware operation by seizing or blocking over 2,300 domains, with more than 1,300 redirected to Microsoft-controlled 'sinkholes' for research and remediation. The takedown severed communications between Lumma Stealer and its victims and disrupted dark web marketplaces distributing the malware. Lumma Stealer, active since 2022 and linked to major ransomware incidents, has infected nearly 400,000 Windows computers in the past two months. The malware enables theft of passwords, financial data, and cryptocurrency wallets primarily through social engineering. Authorities emphasize the operation as a significant blow to cybercrime infrastructure but caution that Lumma’s operators may attempt to rebuild. Experts highlight the operation as a pivotal example of effective public-private collaboration against global cyber threats.