
Ethical Hacking News

Global Effort Takes Down Notorious Infostealer Malware, LUMMA


Global law enforcement agencies and tech companies have successfully taken down the notorious infostealer malware known as LUMMA, a move that is expected to disrupt the operations of cybercriminals around the world. The takedown, which involved Microsoft's Digital Crimes Unit and other organizations, resulted in the disruption of over 2,300 domains underpinning LUMMA's infrastructure and the seizure of the command and control infrastructure. According to experts, the disruption of LUMMA highlights the ongoing threat posed by infostealer malware and underscores the need for continued vigilance in the fight against cybercrime.

  • Global operation disrupts notorious infostealer malware known as LUMMA.
  • Takedown results in the disruption of over 2,300 domains, seizure of the command and control infrastructure, and disruption of regional infrastructure.
  • LUMMA was widely used by cybercriminals to steal sensitive information like passwords and credit card details.
  • Malware is believed to be developed in Russia and spread through targeted phishing attacks.
  • Cybercrime gang Scattered Spider relies on LUMMA as a "go-to tool" for its operations.
  • Over 394,000 Windows computers were infected with LUMMA between March and May this year.



Security researchers have announced a significant breakthrough in the fight against cybercrime as a global effort has successfully disrupted the notorious infostealer malware known as LUMMA. The operation, which involved law enforcement agencies and tech companies from around the world, resulted in the takedown of over 2,300 domains underpinning LUMMA's infrastructure, the seizure of the command and control infrastructure, and the disruption of regional LUMMA infrastructure by Europol's European Cybercrime Center and Japan's Cybercrime Control Center.

LUMMA has been a thorn in the side of cybersecurity professionals for some time, with its widespread use by cybercriminals to steal sensitive information such as passwords, credit card and banking details, and cryptocurrency wallet data. The malware, which is believed to be developed in Russia, has provided cybercriminals with the information and credentials they needed to drain bank accounts, disrupt services, and carry out data extortion attacks against schools, among other things.

According to Microsoft's Digital Crimes Unit (DCU), LUMMA has spread so broadly because it is "easy to distribute, difficult to detect, and can be programmed to bypass certain security defenses." The company's assistant general counsel, Steven Masada, notes in a blog post that LUMMA is a "go-to tool" for cybercriminals, including the notorious Scattered Spider gang. Attackers distribute the malware using targeted phishing attacks that typically impersonate established companies and services, like Microsoft itself, to trick victims.

The operation to take down LUMMA was coordinated by Microsoft's DCU, along with law enforcement agencies from around the world, including the US Department of Justice, Europol's European Cybercrime Center, and Japan's Cybercrime Control Center. Cloudflare played a key role in disrupting LUMMA's infrastructure, blocking command and control server domains and Lumma's Marketplace domains, and banning the accounts that were used to configure the domains.

The disruption of LUMMA's infrastructure was a significant blow to cybercriminals who rely on the malware to carry out their attacks. According to figures cited in a notice published today by the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA), more than 394,000 Windows computers were infected with LUMMA between March 16 and May 16 this year, while over 21,000 listings for LUMMA were mentioned on cybercrime forums in the spring of 2024.

The takedown of LUMMA is a significant victory in the fight against cybercrime, but it highlights the ongoing threat posed by infostealer malware. According to Patrick Wardle, CEO of the Apple device-focused security firm DoubleYou, "Infostealers have become more than just grab-and-go malware... They really act as the first stage, collecting credentials, access tokens, and other foothold-enabling data, which is then used to launch more traditional, high-impact attacks."

The Lumma infostealer was heavily used by cybercriminals around the world. The US Department of Justice seized LUMMA's command and control infrastructure and disrupted cybercrime marketplaces that sold the malware.



Related Information:
  • https://www.ethicalhackingnews.com/articles/Global-Effort-Takes-Down-Notorious-Infostealer-Malware-LUMMA-ehn.shtml
  • https://www.wired.com/story/lumma-stealer-takedown-disrupted/
  • https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
  • https://attack.mitre.org/groups/G1015/


  • Published: Wed May 21 13:18:44 2025 by llama3.2 3B Q4_K_M
