Microsoft takes legal action against Lumma Stealer after 400,000 devices infected
Microsoft, DoJ, and FBI, disrupt the infostealer's infrastructure

- The DoJ announced seizing multiple domains used by Lumma Stealer
- The infostealer is linked to some of the biggest cyberattacks in recent times
- The malware caused millions of dollars in damages
The US Department of Justice, together with the FBI and Microsoft, disrupted the operations of Lumma Stealer, one of the biggest information-stealing malware variants out there.
In a press release published on the DoJ’s website earlier this week, it was explained that the law enforcement agencies seized five internet domains that were used to deploy LummaC2. The threat actors tried to relocate their operations and set up three new domains, which were quickly picked up by the DoJ, as well.
Furthermore, Microsoft independently took down 2,300 additional internet domains linked to LummaC2’s criminal activities.
High-profile attacks
Lumma Stealer is a popular infostealer that grabs sensitive information such as login credentials, browser autofill information, and cryptocurrency wallet data. It is usually distributed through malicious websites and phishing campaigns, and was seen in numerous high-profile cyberattacks. The seized domains were used by different cybercriminals to access, and later deploy, the infostealer.
The FBI said the malware was used in at least 1.7 million instances since late 2023, and resulted in roughly 10 million infections. These infections resulted in losses of more than $36 million in 2023 alone. The DoJ is now offering a bounty of $10 million for information on cyberattacks against US infrastructure, conducted by foreign state-sponsored threat actors.
Lumma was involved in many high-profile cybercriminal cases, including the attack against Schneider Electric in early November 2024. In that instance, according to researchers from Hudson Rock, the criminals behind the attack claimed to have stolen “critical data”, including projects, issues, and plugins, along with 400,000 rows of user data, totaling more than 40GB of compressed data.
The same infostealer was apparently also used to steal credentials that were later leveraged to break into people’s Snowflake cloud storage accounts, triggering one of the bigger supply chain attacks in recent times.
Via The Register
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.