Particle.news


Global Cybercrime Crackdown Dismantles Lumma Malware Operation

Law enforcement and tech firms seized 2,300 domains and disrupted infrastructure behind the Lumma infostealer, which infected nearly 400,000 systems in two months.

[Photo] A view shows a Microsoft logo at Microsoft offices in Issy-les-Moulineaux near Paris, France, March 21, 2025. REUTERS/Gonzalo Fuentes/File Photo

[Image] Digital map displaying parts of Europe, Asia, and Africa with regions highlighted in blue and red, possibly indicating different territories or data values.

Overview

  • Microsoft, the U.S. Department of Justice, Europol, and Japan’s Cybercrime Control Center collaborated to disrupt the Lumma infostealer malware network.
  • The operation seized approximately 2,300 domains and dismantled Lumma’s command infrastructure and online marketplaces.
  • Lumma infected over 394,000 Windows systems globally between March and May 2025, stealing credentials, financial data, and cryptocurrency wallets.
  • Cloudflare and other tech firms played a critical role by blocking domains, banning accounts, and sinkholing malicious servers to sever Lumma’s operations.
  • The malware, developed in Russia and marketed as a service, has been a key tool for cybercriminals, enabling large-scale financial theft and network breaches.