{
	"id": "511f3dff-45be-4c48-816d-776a4516320a",
	"created_at": "2026-04-06T00:13:56.47791Z",
	"updated_at": "2026-04-10T13:11:20.751511Z",
	"deleted_at": null,
	"sha1_hash": "1c1be4190185c300e088368806942945058bf6fc",
	"title": "Europol and Microsoft disrupt world’s largest infostealer Lumma",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 37490,
	"plain_text": "Europol and Microsoft disrupt world’s largest infostealer Lumma\r\nBy Europol\r\nPublished: 2025-05-21 · Archived: 2026-04-05 21:47:47 UTC\r\nEuropol’s European Cybercrime Centre has worked with Microsoft to disrupt Lumma Stealer (“Lumma”), the\r\nworld’s most significant infostealer threat.\r\nThis joint operation targeted the sophisticated ecosystem that allowed criminals to exploit stolen information on a\r\nmassive scale. Europol coordinated with law enforcement in Europe to ensure action was taken, leveraging\r\nintelligence provided by Microsoft.\r\nBetween 16 March and 16 May 2025, Microsoft identified over 394 000 Windows computers globally infected by\r\nthe Lumma malware. In a coordinated follow-up operation this week, Microsoft’s Digital Crimes Unit (DCU),\r\nEuropol, and international partners have disrupted Lumma’s technical infrastructure, cutting off communications\r\nbetween the malicious tool and victims. In addition, over 1 300 domains seized by or transferred to Microsoft,\r\nincluding 300 domains actioned by law enforcement with the support of Europol, will be redirected to Microsoft\r\nsinkholes.\r\nThe Head of Europol’s European Cybercrime Centre, Edvardas Šileris, said: “This operation is a clear example of\r\nhow public-private partnerships are transforming the fight against cybercrime. By combining Europol’s\r\ncoordination capabilities with Microsoft’s technical insights, a vast criminal infrastructure has been disrupted.\r\nCybercriminals thrive on fragmentation – but together, we are stronger.”\r\nWhat is Lumma?\r\nLumma, the world’s largest infostealer, was a sophisticated tool that enabled cybercriminals to collect sensitive\r\ndata from compromised devices on a massive scale. 
Stolen credentials, financial data, and personal information\r\nwere harvested and sold through a dedicated marketplace, making Lumma a central tool for identity theft and\r\nfraud worldwide.\r\nThe Lumma marketplace operated as a hub for buying and selling the malware, providing criminals with user-friendly access to advanced data-stealing capabilities. Its widespread use and accessibility made it a preferred\r\nchoice for cybercriminals looking to exploit personal and financial data.\r\nA coordinated response across the world\r\nEuropol acted as the central point in Europe for intelligence sharing and coordination. After receiving critical\r\nintelligence from Microsoft, Europol’s European Cybercrime Centre enriched this information and provided\r\nMember States with a view of the threat landscape to ensure a clear understanding of the network’s operations.\r\nActing as a facilitator for Member States, Europol played a crucial role in deconfliction, ensuring that overlapping\r\ninvestigations were identified and managed effectively. By gathering all relevant intelligence and making sure that\r\nimpacted Member States received the necessary information promptly, Europol enabled a quick response.\r\nIn a coordinated move, the United States Department of Justice (DOJ) seized the Lumma control panel, which was\r\ncritical to the Lumma marketplace.\r\nMicrosoft’s collaboration with Japan’s Cybercrime Control Center (JC3) also led to the suspension of Lumma\r\ninfrastructure based in Japan, further dismantling the criminal network.\r\nDelivering security through partnerships\r\nThis operation demonstrates Europol’s strategy of delivering security through public-private partnerships, a\r\ncornerstone of its approach to combating crime in the digital age. 
In an increasingly interconnected world, the\r\nfight against cyber threats cannot be won by law enforcement alone.\r\nPublic-private partnerships allow Europol to bridge the gap between the private sector’s technical expertise and\r\nlaw enforcement’s operational capabilities. By leveraging the strengths of each, Europol can deliver more\r\nimpactful results, disrupting cybercriminal operations at their core.\r\nThe cooperation with Microsoft in this operation was carried out under Article 26 of Europol’s Regulation, which\r\nallows Europol to receive information from and collaborate with private parties for the prevention and combat of\r\nserious crime.\r\nMicrosoft is a member of Europol’s Advisory Group on Internet Security.\r\nRead Microsoft’s announcement here.\r\nSource: https://www.europol.europa.eu/media-press/newsroom/news/europol-and-microsoft-disrupt-world%E2%80%99s-largest-infostealer-lumma",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.europol.europa.eu/media-press/newsroom/news/europol-and-microsoft-disrupt-world%E2%80%99s-largest-infostealer-lumma"
	],
	"report_names": [
		"europol-and-microsoft-disrupt-world%E2%80%99s-largest-infostealer-lumma"
	],
	"threat_actors": [],
	"ts_created_at": 1775434436,
	"ts_updated_at": 1775826680,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1c1be4190185c300e088368806942945058bf6fc.pdf",
		"text": "https://archive.orkl.eu/1c1be4190185c300e088368806942945058bf6fc.txt",
		"img": "https://archive.orkl.eu/1c1be4190185c300e088368806942945058bf6fc.jpg"
	}
}