Global Crackdown Dismantles Lumma Infostealer

share
Header image

Global Crackdown Dismantles Lumma Infostealer

share

More than 2000 malicious domains linked to the Lumma infostealer have been suspended and blocked

The infrastructure of the Lumma infostealer has been disrupted following an international law enforcement operation led by the U.S., EU, and Microsoft.

Nearly 2,300 malicious domains linked to the Lumma infostealer have been suspended and blocked by Microsoft, which was also able to dismantle Japan and European infrastructure, while an additional five domains were sequestered by the U.S. government.

FBI senior official Brett Leatherman said that while Lumma could reorganise in the future, such a takedown effort remains valuable in reducing trust in the cybercrime landscape.

"I think these actors should know that when we have the technical capacity to do this, there are operational security concerns within that ecosystem that they should take note of and maybe not trust the operational security of their colleagues in this environment because of technical operations like this," Leatherman added.

Commenting, James Shank, director, threat operations at Expel, said:  "In recent years, Europol has tuned their targeting of groups perfectly. This operation today may take out the leader in the infostealer space, Lumma.

“As we've tracked attacks across industries, we've seen Lumma Stealer become the preferred malware to steal credentials. The developers have been effective at making a product easily purchased and leveraged by cybercriminals. The activity against Lumma Stealer is going to be widely felt.”


Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Cyber CrimeMalware Published: 22 May Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Upcoming Events

No events found.

Related content

Zero Click Attacks: The Risk To Business

Zero Click Attacks: The Risk To Business

 Cyber incident involving rerouted payment drains Zephyr of £700K

Cyber incident involving rerouted payment drains Zephyr of £700K

 Hijacked NHS Scotland domains push adult content

Hijacked NHS Scotland domains push adult content
UK cybercrime significantly outpaces police staffing growth

UK cybercrime significantly outpaces police staffing growth

 Fraud losses top £629M as UK ramps up enforcement

Fraud losses top £629M as UK ramps up enforcement

 Youth cybercrime radicalization driven by online platforms, NCA leader says

Youth cybercrime radicalization driven by online platforms, NCA leader says
Global cybercrime clampdown disrupts over 45K illicit IP addresses

Global cybercrime clampdown disrupts over 45K illicit IP addresses