In this blog series we spotlight one of the stories from our cybersecurity newsletter, Beacon.
In a major blow to cybercriminal networks worldwide, Europol’s European Cybercrime Centre (EC3), in partnership with Microsoft, has successfully disrupted Lumma Stealer, widely known as the most significant infostealer operation to date.
The joint operation targeted the large infrastructure behind Lumma, a sophisticated malware used by cybercriminals to harvest and exploit sensitive personal and financial data from victims across the world. The operation used intelligence provided by Microsoft and coordinated law enforcement efforts across Europe, the US, and Japan. Lumma Stealer is estimated to have been used in at least 1.7 million instances to steal information, and the U.S. Federal Bureau of Investigation has attributed around 10 million infections to Lumma.
Between March 16th 2025 and May 16th, Microsoft identified more than 394,000 Windows systems worldwide infected with Lumma malware. The malware enabled attackers to exfiltrate credentials, financial data, and personal information, which were then monetized through dark web marketplaces.
This month, in coordinated follow-up action, Microsoft’s Digital Crime Unit (DCU), Europol and international partners disrupted Lumma’s technical infrastructure, effectively cutting communication between infected machines and the malware’s command-and-control servers.
As part of the takedown, more than 1,300 domains were seized or transferred to Microsoft. Of these, approximately 300 domains were directly actioned by law enforcement with Europol’s support. The domains have now been re-directed to Microsoft-controlled sinkholes to prevent further abuse and to support ongoing remediation efforts.
Europol served as the central hub for intelligence exchange and operational coordination among its member states. After receiving critical intelligence from Microsoft, EC3 analyzed and enriched the data, sharing key insights with national law enforcement agencies and ensuring swift responses.
The Head of Europol’s European Cybercrime Centre, Edvardas Šileris, said: “This operation is a clear example of how public-private partnerships are transforming the fight against cybercrime. By combining Europol’s coordination capabilities with Microsoft’s technical insights, a vast criminal infrastructure has been disrupted. Cybercriminals thrive on fragmentation – but together, we are stronger.”
The takedown of Lumma Stealer showcases Europol’s growing emphasis on public-private partnerships as a strategic pillar in combating cybercrime. These collaborations enable law enforcement to benefit from the agility and technical depth of industry partners while maintaining their authority in investigation and prosecution.