Authorities carry out global takedown of infostealer used by cybercriminals
A consortium of global law enforcement agencies and tech companies announced on Wednesday that they have disrupted the infostealer malware known as Lumma. One of the most popular infostealers worldwide, Lumma has been used by hundreds of what Microsoft calls "cyber threat actors" to steal passwords, credit card and banking information, and cryptocurrency wallet details. The tool, which officials say is developed in Russia, has provided cybercriminals with the information and credentials they needed to drain bank accounts, disrupt services, and carry out data extortion attacks against schools, among other things.
Microsoft's Digital Crimes Unit (DCU) obtained an order from a United States district court last week to seize and take down about 2,300 domains underpinning Lumma's infrastructure. At the same time, the US Department of Justice seized Lumma's command and control infrastructure and disrupted cybercriminal marketplaces that sold the Lumma malware. All of this was coordinated, too, with the disruption of regional Lumma infrastructure by Europol's European Cybercrime Center and Japan's Cybercrime Control Center.
Microsoft lawyers wrote on Wednesday that Lumma, which is also known as LummaC2, has spread so broadly because it is "easy to distribute, difficult to detect, and can be programmed to bypass certain security defenses." Steven Masada, assistant general counsel at Microsoft's DCU, says in a blog post that Lumma is a "go-to tool," including for the notorious Scattered Spider cybercriminal gang. Attackers distribute the malware using targeted phishing attacks that typically impersonate established companies and services, like Microsoft itself, to trick victims.