Particle.news

Global Operation Dismantles Lumma Malware Network

Microsoft, DOJ, and international partners seize 2,300 domains and disrupt infrastructure of the prolific infostealer malware.

A view shows a Microsoft logo at Microsoft offices in Issy-les-Moulineaux near Paris, France, March 21, 2025. REUTERS/Gonzalo Fuentes/File Photo
[Image: map of parts of Europe, Asia, and Africa with regions highlighted in blue and red]

Overview

  • Lumma Stealer, a malware-as-a-service platform developed in Russia, infected over 394,000 Windows computers globally between March and May 2025.
  • A coordinated effort led by Microsoft, the U.S. DOJ, Europol, and Japan’s JC3 seized 2,300 domains and dismantled Lumma’s command-and-control infrastructure.
  • The operation disrupted cybercriminal marketplaces where Lumma was sold, cutting off access for hundreds of threat actors using the malware.
  • Lumma was widely used to steal credentials, financial data, and cryptocurrency wallets, and was linked to high-profile breaches including the PowerSchool hack in 2024.
  • Authorities continue to monitor and counter attempts by Lumma operators to rebuild their infrastructure, and are using the seized domains to gather intelligence on the remaining infections.