Ddos 
Europol’s European Cybercrime Centre (EC3) and Microsoft’s Digital Crimes Unit (DCU) have successfully disrupted the Lumma Stealer, a notorious malware responsible for infecting hundreds of thousands of computers worldwide and fueling a massive black market for stolen personal data.
“This operation is a clear example of how public-private partnerships are transforming the fight against cybercrime,” said Edvardas Šileris, Head of Europol’s EC3. “Cybercriminals thrive on fragmentation – but together, we are stronger.”
Lumma Stealer, regarded as the world’s most significant infostealer, was a sophisticated malware-as-a-service (MaaS) operation. It enabled cybercriminals to collect sensitive information—including login credentials, financial data, and personal identifiers—from infected devices at an industrial scale.
“Lumma, the world’s largest infostealer, was a sophisticated tool that enabled cybercriminals to collect sensitive data from compromised devices on a massive scale.”
Its user-friendly interface and powerful features made Lumma a go-to tool for threat actors engaged in identity theft and financial fraud. The Lumma marketplace functioned as a one-stop shop, where cybercriminals could purchase the malware and profit from stolen information.
Between March 16 and May 16, 2025, Microsoft identified over 394,000 infected Windows systems worldwide. In response, a global operation was launched to neutralize the infrastructure supporting Lumma.
The operation resulted in the seizure or transfer of more than 1,300 domains, over 300 of which were actioned directly by law enforcement agencies with Europol’s support. These domains are now redirected to Microsoft-controlled sinkholes, effectively halting Lumma’s command-and-control (C2) capabilities.
As the central intelligence-sharing hub in Europe, Europol played a pivotal role in the operation’s success. After receiving key data from Microsoft, EC3 analyzed and enriched the intelligence, then relayed tailored threat insights to Member States, ensuring synchronized actions across borders.
“By gathering all relevant intelligence and making sure that impacted Member States received the necessary information promptly, Europol enabled a quick response.”
Additionally, Europol facilitated deconfliction, avoiding investigative overlap and enabling focused, coordinated takedowns.
Donate