
Microsoft and DOJ dismantle Lumma Stealer malware network in global takedown

In partnership with the US Department of Justice (DOJ), Microsoft has taken a major step toward dismantling one of the most widespread e-crime tools in circulation. The Microsoft Digital Crimes Unit (DCU) worked with the DOJ, Europol, and several global cybersecurity companies to disrupt the Lumma Stealer network, a malware-as-a-service (MaaS) platform implicated in hundreds of thousands of compromises around the world.

According to Microsoft, Lumma Stealer infected more than 394,000 Windows machines between March and mid-May 2025. The malware was a favorite tool among cybercriminals for stealing login credentials and sensitive financial information, including cryptocurrency wallets. It has been used in extortion campaigns against schools, hospitals, and infrastructure service providers. According to the DOJ website, "The FBI has identified at least 1.7 million instances where LummaC2 was used to steal this type of information."

Acting on a court order from the US District Court for the Northern District of Georgia, Microsoft took down nearly 2,300 malicious domains linked to the Lumma infrastructure. The DOJ simultaneously seized five critical LummaC2 domains that served as the command-and-control centers through which cybercriminals deployed the malware. Those domains now point to government seizure notices.

International support came from Europol's European Cybercrime Centre (EC3) and Japan's JC3, which coordinated efforts to disrupt regional servers. Cybersecurity companies including Bitsight, Cloudflare, ESET, Lumen, CleanDNS, and GMO helped identify and dismantle the online infrastructure.

Inside the Lumma operation

Lumma, also known as LummaC2, has been operating since 2022, and possibly earlier, offering information-stealing malware for sale through underground forums and messaging channels. The malware is designed for ease of use and is often bundled with obfuscation tools to help it evade antivirus software. Distribution techniques include spear-phishing emails, spoofed brand websites, and malicious online ads known as "malvertising."

Cybersecurity researchers say Lumma is particularly dangerous because it lets criminals scale up attacks quickly. Buyers can customize payloads, track stolen data, and even obtain customer support through a custom user panel. Microsoft Threat Intelligence has previously linked Lumma to the notorious Octo Tempest group, also known as "Scattered Spider."

In a phishing campaign earlier this year, attackers impersonated Booking.com and used Lumma to harvest financial credentials from unsuspecting victims.

Who is behind it?

Authorities believe the Lumma developer goes by the handle "Shamel" and operates out of Russia. In a 2023 interview, Shamel claimed to have 400 active customers and even promoted the Lumma brand with a dove logo and the slogan: "Getting money with us is easy."

Long-term disruption, not a knockout


While the takedown is significant, experts caution that tools like Lumma are rarely eliminated for good. Still, Microsoft and the DOJ say these actions severely hinder and disrupt criminal operations by cutting off both infrastructure and revenue. Microsoft will use the seized domains as sinkholes to collect intelligence and improve protection for victims.
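The sinkholing described above only helps defenders who act on it: once seized domains point at a sinkhole, any internal host still querying them is a likely infection. The following is an added example, not code from the article or from Microsoft, showing how a defender can correlate resolver logs with a list of seized domains to find such hosts. The domain list, the log format (`timestamp client query`), and the log lines are all constructed placeholders; the article names no specific domains.

```python
"""Added example (not part of the article): correlate DNS query logs with a
list of seized/sinkholed domains to find hosts that may still be infected.
The domain list and log lines are constructed placeholders, not real
Lumma infrastructure."""
from collections import defaultdict
import re

# Constructed placeholder list. In practice this would come from the seizure
# notice or a threat-intelligence feed; the article does not list domains.
SEIZED_DOMAINS = {
    "example-c2-one.invalid",
    "example-c2-two.invalid",
}

# Constructed sample resolver log lines in a simple "timestamp client query"
# shape (assumed format, not any real resolver's output).
SAMPLE_LOG = """\
2025-05-22T01:00:01Z 10.0.0.15 example-c2-one.invalid
2025-05-22T01:00:02Z 10.0.0.15 www.example.com
2025-05-22T01:00:03Z 10.0.0.22 updates.example-c2-two.invalid
2025-05-22T01:00:04Z 10.0.0.31 mail.example.org
2025-05-22T01:00:05Z 10.0.0.15 example-c2-one.invalid
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def seized_parent(qname, seized=SEIZED_DOMAINS):
    """Return the seized domain that qname equals or is a subdomain of,
    or None. Uses a label boundary so 'notexample.invalid' does not match
    'example.invalid'."""
    q = qname.lower().rstrip(".")
    for d in seized:
        if q == d or q.endswith("." + d):
            return d
    return None


def find_suspect_hosts(log_text, seized=SEIZED_DOMAINS):
    """Return {client_ip: {seized_domain: query_count}} for every client
    that queried a seized domain. These hosts warrant triage and credential
    resets, since a stealer may already have exfiltrated logins."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        _ts, client, qname = m.groups()
        parent = seized_parent(qname, seized)
        if parent:
            hits[client][parent] += 1
    return {client: dict(doms) for client, doms in hits.items()}


if __name__ == "__main__":
    for client, doms in sorted(find_suspect_hosts(SAMPLE_LOG).items()):
        print(client, doms)
```

The subdomain check matters because stealer samples often contact hostnames under a seized apex rather than the apex itself; matching on the label boundary avoids false positives on unrelated domains that merely end with the same string.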

The case highlights the need for international cooperation in combating cybercrime. DOJ officials emphasized the value of public-private partnerships, while the FBI noted that court-authorized disruptions remain an important tool in the government's cybersecurity playbook.

As Microsoft's DCU continues its work, this Lumma crackdown sets a strong precedent for what can be accomplished when industry and government specialists cooperate to eliminate threats.

As more of these operations are discovered and disabled, remember to protect yourself by changing your passwords regularly and avoiding links from unknown senders.


2025-05-22 01:27:00
