Microsoft takes down global Lumma Stealer infrastructure.
You might have been forgiven for thinking that the battle against the credential-stealing hackers who have facilitated the sale of billions of stolen passwords on the dark web was already lost. But then, the most unlikely of caped cyber-crusaders, Microsoft, entered the war and has just landed what could be a killer blow to the biggest of all the criminal password stealing operations, the Lumma Stealer network. Here’s what you need to know.
Microsoft Strikes Back As Global Action Takes Down Lumma Stealer Infrastructure
Even the biggest of cybercriminal groups are not invincible. In the world of ransomware, for example, we have seen the LockBit operators hacked and disrupted by the FBI, seriously impeding the group's ability to function. Now it looks like one of the major facilitators of ransomware attacks, the Lumma Stealer network, has met the same fate. Lumma Stealer is the name given both to the infostealer malware and to the criminal group that sells it. The malware harvests credentials from infected Windows machines: usernames and passwords, and also browser session cookies, which let an attacker reuse an already-authenticated session and so sidestep 2FA. Stolen credentials of this kind are then bought and used to gain initial access at the start of a ransomware attack.
That changed thanks to Microsoft's Digital Crimes Unit, which has confirmed a law enforcement operation that it led, dismantling the backbone of Lumma Stealer's global infrastructure.
The May 21 Microsoft announcement confirmed that 2,300 malicious domains associated with Lumma Stealer have been taken down. 1,300 of these have now been transferred to Microsoft's control, and the lines of communication between the criminals and 394,000 Windows computers found to be infected with Lumma Stealer malware have been cut.
“The Department of Justice simultaneously seized the central command structure for Lumma and disrupted the marketplaces where the tool was sold to other cybercriminals,” Steven Masada, the assistant general counsel at Microsoft’s Digital Crimes Unit, said. Europol’s European Cybercrime Center and Japan’s Cybercrime Control Center also took part in the decisive action. Those seized Lumma Stealer domains will now have all traffic redirected to Microsoft sinkholes, Masada confirmed. “This will allow Microsoft’s DCU to provide actionable intelligence to continue to harden the security of the company’s services and help protect online users,” Masada concluded.
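The practical follow-up for a defender after a takedown like this is to check whether any of your own hosts were beaconing to the seized domains, since a query to a now-sinkholed domain means an infected machine whose stolen credentials should be treated as compromised. The script below is an added example, not code from Microsoft's Digital Crimes Unit or from the announcement; the seized-domain list and the BIND-style resolver log lines in it are constructed placeholders, to be replaced with the published indicator list and your own DNS query logs.

```python
"""
Hunt DNS query logs for lookups of seized infostealer domains.

Added example, not Microsoft's or the DCU's code. The domain list and
the log lines below are constructed for illustration only.
"""
import re
from collections import defaultdict

# Constructed placeholder indicators (the ".invalid" TLD can never resolve).
# The real seized-domain list is published by Microsoft / law enforcement
# and is deliberately NOT reproduced here.
SEIZED_DOMAINS = {
    "example-stealer-c2.invalid",
    "panel-example.invalid",
}

# Constructed, simplified BIND-9-style query log lines:
# <timestamp> client <ip>#<port>: query: <qname> IN <qtype> ...
SAMPLE_QUERY_LOG = """\
21-May-2025 09:14:02.113 client 10.20.1.15#51234: query: updates.example.com IN A + (10.0.0.53)
21-May-2025 09:14:03.889 client 10.20.1.15#51240: query: Example-Stealer-C2.invalid. IN A + (10.0.0.53)
21-May-2025 09:15:10.004 client 10.20.1.77#40011: query: cdn.panel-example.invalid IN A + (10.0.0.53)
21-May-2025 09:16:45.371 client 10.20.2.8#60001: query: mail.example.org IN MX + (10.0.0.53)
21-May-2025 09:17:01.002 client 10.20.2.9#60002: query: notpanel-example.invalid IN A + (10.0.0.53)
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[0-9a-fA-F.:]+)#\d+: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so matching is not fooled
    by mixed case or fully-qualified forms (DNS names are case-insensitive)."""
    return name.lower().rstrip(".")


def is_seized(qname: str, seized: set[str]) -> bool:
    """True if qname is a seized domain or a subdomain of one.

    The suffix check is done on a label boundary ("." + domain) so that
    notpanel-example.invalid does not match panel-example.invalid.
    """
    name = normalize(qname)
    for domain in seized:
        d = normalize(domain)
        if name == d or name.endswith("." + d):
            return True
    return False


def hunt(log_text: str, seized: set[str]) -> dict[str, list[tuple[str, str]]]:
    """Return {client_ip: [(timestamp, normalized_qname), ...]} for every
    client that queried a seized domain. Unparseable lines are skipped."""
    hits: dict[str, list[tuple[str, str]]] = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue
        if is_seized(m["qname"], seized):
            hits[m["ip"]].append((m["ts"], normalize(m["qname"])))
    return dict(hits)


if __name__ == "__main__":
    for ip, events in hunt(SAMPLE_QUERY_LOG, SEIZED_DOMAINS).items():
        # Each listed host should be isolated and its users' credentials
        # and browser sessions treated as stolen.
        for ts, qname in events:
            print(f"{ts}  {ip}  queried seized domain {qname}")
```

Run it against a real resolver export by replacing SAMPLE_QUERY_LOG with the file contents and SEIZED_DOMAINS with the published list; the label-boundary match matters because infostealer panels commonly sit on arbitrary subdomains of a seized apex.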
Cybersecurity Experts Applaud Microsoft DCU Operation
“The coordinated takedown of Lumma Stealer’s infrastructure marks a pivotal moment in combating the proliferation of Malware-as-a-Service platforms,” Ensar Seker, chief information security officer at SOCRadar, said. “Such actions not only disrupt the immediate threat but also send a clear message to cybercriminals about the increasing capabilities and resolve of global cybersecurity alliances.”
“The coordination of Microsoft and law enforcement shows how powerful the two are when combined to stop bad actors from operating,” Thomas Richards, infrastructure security practice director at Black Duck, said. “Dismantling this cyber criminal enterprise will save hundreds of thousands of people from being victims,” Richards added.