In a significant crackdown on cybercrime, a coordinated effort by U.S., European, and Japanese authorities, alongside tech giants like Microsoft and Cloudflare, has disrupted the infrastructure underpinning the Lumma Stealer malware. This operation targets one of the most prominent infostealer threats currently in circulation, capable of stealing sensitive data such as credentials and financial information.
Lumma Stealer, marketed as a Malware-as-a-Service (MaaS), has gained notoriety among cybercriminals for its effectiveness. According to Steven Masada, Assistant General Counsel at Microsoft’s Digital Crimes Unit, the malware is primarily developed by an individual based in Russia known as ‘Shamel.’ Shamel has reportedly serviced around 400 active clients through Russian-language chat forums, offering various tiers of service that allow customization and tracking of stolen data.
From mid-March to mid-May 2025, Microsoft identified over 394,000 infected Windows computers worldwide, highlighting the extensive reach of Lumma Stealer. As part of the joint operation, more than 1,300 domains connected to Lumma were seized or sinkholed, hindering the operators’ ability to manage their illicit activities. The U.S. Department of Justice, Europol, and other global agencies played pivotal roles in this initiative, with Europol confirming the seizure of critical operational assets.
In addition to shutting down key control systems, the operation also targeted Lumma’s use of Cloudflare’s infrastructure, which helped conceal the IP addresses of cybercriminal servers. Following recent instances where Lumma managed to bypass security measures, Cloudflare implemented enhanced defenses to deter such activities. The coordinated actions have left Lumma operators without access to their marketplace or control panels, forcing them to seek alternative infrastructure.
This disruption not only impacts the operators but also complicates operations for users of the service. The involved organizations, including the Cybercrime Control Centers and several leading cybersecurity firms, continue to advocate for improved defenses against infostealer threats.