Particle.news

Global Coalition Disrupts Lumma Malware Network, Seizing 2,300 Domains

Authorities and private firms dismantle Russian-developed malware-as-a-service platform linked to widespread data theft and cybercrime.

A view shows a Microsoft logo at Microsoft offices in Issy-les-Moulineaux near Paris, France, March 21, 2025. REUTERS/Gonzalo Fuentes/File Photo
Digital map displaying parts of Europe, Asia, and Africa with regions highlighted in blue and red, possibly indicating different territories or data values.

Overview

  • Microsoft, the DOJ, Europol, and Japan’s JC3 led a coordinated operation to dismantle Lumma, a malware-as-a-service platform active since 2022.
  • Over 394,000 Windows computers were infected by Lumma between March 16 and May 16, 2025, with at least 1.7 million instances of data theft identified by the FBI.
  • The operation seized 2,300 domains and disrupted Lumma’s command-and-control infrastructure, severing communications between the malware and its operators.
  • Lumma was marketed by its Russian developer, 'Shamel,' with subscription tiers ranging from $250 to $1,000, enabling cybercriminals to steal credentials, financial data, and cryptocurrency wallets.
  • Microsoft and its partners are using seized domains as sinkholes for ongoing intelligence gathering, while law enforcement pursues further investigations and prosecutions.