Lumma infostealer malware operation disrupted, 2,300 domains seized

Gandalf_The_Grey

Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains and part of its infrastructure backbone worldwide.

This effort involved multiple tech companies and law enforcement authorities, resulting in Microsoft's seizure of approximately 2,300 domains after legal action against the malware on May 13, 2025.

At the same time, the Department of Justice (DOJ) disrupted marketplaces where the malware was rented to cybercriminals by seizing Lumma's control panel, while Europol's European Cybercrime Center (EC3) and Japan's Cybercrime Control Center (JC3) helped to seize Lumma's infrastructure based in Europe and Japan.

"Between March 16, 2025, and May 16, 2025, Microsoft identified over 394,000 Windows computers globally infected by the Lumma malware. Working with law enforcement and industry partners, we have severed communications between the malicious tool and victims," said Steven Masada, Assistant General Counsel of Microsoft's Digital Crimes Unit.

"The Lumma Stealer disruption effort denies the Lumma operators access to their control panel, marketplace of stolen data, and the Internet infrastructure used to facilitate the collection and management of that data. These actions impose operational and financial costs on both the Lumma operators and their customers, forcing them to rebuild their services on alternative infrastructure," Cloudflare added today.

Other companies involved in the joint action against Lumma's infrastructure include ESET, CleanDNS, Bitsight, Lumen, GMO Registry, and global law firm Orrick.