Lumma Stealer brought to its knees: the coordinated operation led by Microsoft that dismantled the network of the most common infostealer in the world


A coordinated worldwide operation, involving Microsoft and law enforcement agencies from several jurisdictions, has led to the dismantling of Lumma Stealer, considered the largest infostealer currently in circulation. On 13 May 2025, Microsoft's Digital Crimes Unit filed a legal action against Lumma Stealer and obtained an order from the US court of the Northern District of Georgia. This order enabled the seizure of approximately 2,300 malicious domains that formed the backbone of the Lumma infrastructure.

At the same time, the United States Department of Justice seized Lumma's central command structure, disrupting the online marketplaces where the malware was sold to other cybercriminals. The operation also saw the active participation of Europol's European Cybercrime Centre and Japan's Cybercrime Control Center, which facilitated the suspension of the local Lumma infrastructure in their respective geographical areas.

According to the data collected and disclosed by Microsoft, more than 394,000 compromised Windows computers were identified worldwide between March 16 and May 16, 2025. The operation made it possible to cut communication between the malware and compromised devices, preventing further theft of sensitive data.

In addition to Microsoft, Europol, the DOJ and JC3, various private companies took part, such as Cloudflare, ESET, CleanDNS, Bitsight, Lumen, GMO Registry and the global law firm Orrick. Edvardas Šileris, director of Europol's European Cybercrime Centre, emphasized the importance of this collaboration: “This operation is a clear example of how public-private partnerships transform the fight against computer crime. By combining the coordination of Europol with the technical skills of Microsoft, a huge criminal infrastructure has been dismantled. IT criminals thrive in fragmentation, but together we are stronger.”


Spread of the Lumma Stealer malware – Source: Microsoft

Cloudflare (whose services were abused by Lumma operators to hide the origin IP addresses of the command and control servers) explained that the operation denied Lumma operators access to their control panel, to the marketplace of stolen data, and to the internet infrastructure used to facilitate the collection and management of such data. These actions have imposed operational and financial costs on both Lumma operators and their customers, forcing them to rebuild their services on alternative infrastructure.

Lumma Stealer has been active since mid-2022 and was presumably developed by Russian-speaking criminals. The malware was offered as malware-as-a-service via Telegram channels, with subscription prices ranging between $250 and $1,000. Lumma Stealer spread in various ways: in addition to e-mail phishing campaigns, the malware was also distributed through fake comments on GitHub and even through a sophisticated campaign based on fake CAPTCHAs aimed at Windows targets. Over the years it has become an extremely dangerous tool, able to steal passwords, credit cards, bank account information, cryptocurrency wallets, texts and other sensitive information, targeting both web browsers and various applications.

Despite this important step forward in the fight against cybercrime, realism is still necessary: it is not a definitive victory. Modern malware is designed for high resilience, with architectures built from components that are changed often, command and control servers that change daily, and control panels that are easily moved to new infrastructure. However, the domain seizure has important effects that go beyond the immediate technical impact. These operations undermine the credibility of the tools used by criminals, reduce confidence in the safety of certain malicious solutions, and spread the fear of being identified and arrested among cybercriminals. An operation such as the one carried out against Lumma Stealer creates a climate of uncertainty that can lead the criminal community to progressively abandon specific malware, effectively bringing about its extinction even when it may still be technically operational.
