By Amber Hickman
Microsoft’s Digital Crimes Unit (DCU) has seized and facilitated the takedown, suspension and blocking of approximately 2,300 malicious domains that formed the backbone of malware-as-a-service Lumma.
Lumma is an information-stealing malware used by cyberthreat actors around the world to gain sensitive information such as passwords, credit cards, bank accounts and cryptocurrency wallets.
Microsoft worked with the US Department of Justice, which seized Lumma’s central command structure and disrupted the marketplaces where the tool was sold, and with Europe’s and Japan’s cybercrime centres, which facilitated the suspension of locally hosted Lumma infrastructure.
Between March and May 2025, Microsoft identified over 394,000 Windows computers globally infected by the Lumma malware and has now severed the connection between the tool and its victims.
In addition, more than 1,300 domains will now be redirected to Microsoft sinkholes. Microsoft’s DCU will use the seized domains to gather actionable intelligence, improve the security of its services and protect online users, in partnership with cybersecurity organisations including Bitsight, CleanDNS, Cloudflare, ESET, GMO Registry and Lumen.