2,300 Domains Seized in Lumma Infostealer Disruption

Microsoft’s Digital Crimes Unit facilitated the takedown, suspension, and blocking of about 2,300 malicious domains that formed the infrastructure backbone of Lumma Stealer, an info-stealing malware used by hundreds of cyber threat actors to steal passwords, credit cards, bank accounts, and cryptocurrency wallets. Lumma Stealer has also enabled criminals to hold schools for ransom, empty bank accounts, and disrupt critical services.

Microsoft has a blog post on this here: https://blogs.microsoft.com/on-the-issues/2025/05/21/microsoft-leads-global-action-against-favored-cybercrime-tool/

Ensar Seker, CISO at SOCRadar, commented:

“The coordinated takedown of Lumma Stealer’s infrastructure marks a pivotal moment in combating the proliferation of Malware-as-a-Service (MaaS) platforms. Lumma Stealer, also known as LummaC2, has been a formidable tool in the cybercriminal arsenal, facilitating the theft of sensitive data including credentials, financial information, and cryptocurrency wallets from nearly 400,000 Windows systems globally between March and May 2025.

“This operation, led by Microsoft’s Digital Crimes Unit in collaboration with international law enforcement agencies, successfully seized over 2,300 domains integral to Lumma’s operations and dismantled its command-and-control infrastructure. Such actions not only disrupt the immediate threat but also send a clear message to cybercriminals about the increasing capabilities and resolve of global cybersecurity alliances. However, the resilience of such malware underscores the necessity for continuous vigilance. Lumma’s ability to adapt, employing phishing, malvertising, and exploiting trusted platforms, highlights the evolving tactics of threat actors.

“While this takedown is a commendable achievement, it also serves as a reminder of the persistent and evolving nature of cyber threats. Ongoing collaboration between private sector entities and international law enforcement is essential to stay ahead.”

Takedowns are nice. But sometimes they’re a game of “whack-a-mole” where the threat actors simply pop up someplace else on new infrastructure, which is why these sorts of efforts need to be ongoing and not a one-time thing.
