Microsoft, in partnership with the US Department of Justice (DOJ), announced today that they have taken a major step toward dismantling one of the most widespread e-crime tools. In a comprehensive joint operation, Microsoft's Digital Crimes Unit (DCU) worked with the DOJ, Europol, and many global cybersecurity companies to disrupt the Lumma Stealer malware network, a malware-as-a-service (MaaS) platform involved in hundreds of thousands of digital intrusions around the world.
According to Microsoft, Lumma Stealer infected more than 394,000 Windows machines between March and mid-May 2025. The malware was a favorite tool among cybercriminals for stealing login credentials and sensitive financial information, including cryptocurrency. It has been used in extortion campaigns against schools, hospitals and infrastructure service providers. According to the DOJ website, "The FBI has identified at least 1.7 million instances in which LummaC2 has been used to steal this type of information."
With a court order from the US District Court for the Northern District of Georgia, Microsoft took down nearly 2,300 malicious domains linked to the Lumma infrastructure. The Department of Justice simultaneously seized five critical LummaC2 domains, which served as the command-and-control centers through which cybercriminals deployed the malware. These domains now redirect to a government seizure notice.
International assistance came from Europol's European Cybercrime Centre (EC3) and Japan's JC3, which coordinated efforts to take down regional servers. Cybersecurity companies including Bitsight, Cloudflare, ESET, Lumen, CleanDNS and GMO helped identify and dismantle the online infrastructure.
Inside the Lumma operation
Lumma, also known as LummaC2, has been operating since 2022, and possibly earlier, selling information-stealing malware through underground forums and messaging channels. The malware is designed for ease of use and is often bundled with obfuscation tools that help it evade antivirus software. It is distributed through malicious online advertisements, a technique known as "malvertising".
Cybersecurity researchers say Lumma is particularly dangerous because it lets criminals scale up attacks quickly. Buyers can customize payloads, track stolen data, and even get customer support through a dedicated user panel. Microsoft Threat Intelligence has previously linked Lumma to the notorious Octo Tempest group, also known as "Scattered Spider".
In a phishing campaign earlier this year, attackers impersonated Booking.com and used Lumma to harvest financial credentials from unsuspecting victims.
Who is behind it?
Authorities believe the Lumma developer goes by the alias "Shamil" and operates out of Russia. In a 2023 interview, Shamil claimed to have 400 active customers and even boasted about the Lumma brand, with its dove logo and the slogan: "Making money with us is just as easy."
A long-term disruption, not a knockout
While the takedown is significant, experts warn that tools like Lumma are rarely eliminated for good. Still, Microsoft and the DOJ say these actions severely hinder and disrupt criminal operations by cutting off their infrastructure and revenue. Microsoft will use the seized domains as sinkholes to collect intelligence and improve protection for victims.
This case highlights the need for international cooperation in enforcing cybercrime law. DOJ officials emphasized the value of public-private partnerships, while the FBI noted that court-authorized disruption remains an important tool in the government's cybersecurity playbook.
As Microsoft's DCU continues its work, this Lumma crackdown sets a strong precedent for what can be accomplished when industry and government specialists cooperate to eliminate threats.
As more of these operations are discovered and disabled, remember to protect yourself by changing your passwords regularly and avoiding links in messages from unknown senders.