- The DoJ announced seizing multiple domains used by Lumma Stealer
- The infostealer is linked to some of the biggest cyberattacks in recent times
- The malware caused millions of dollars in damages
The US Department of Justice, together with the FBI and Microsoft, disrupted the operations of Lumma Stealer, one of the biggest information-stealing malware variants out there.
In a press release published on the DoJ’s website earlier this week, the law enforcement agencies explained that they had seized five internet domains used to deploy LummaC2. The threat actors tried to relocate their operations and set up three new domains, which the DoJ quickly seized as well.
Furthermore, Microsoft independently took down 2,300 additional internet domains linked to LummaC2’s criminal activities.
High-profile attacks
Lumma Stealer is a popular infostealer that grabs sensitive information such as login credentials, browser autofill information, and cryptocurrency wallet data. It is usually distributed through malicious websites and phishing campaigns, and was seen in numerous high-profile cyberattacks. The seized domains were used by different cybercriminals to access, and later deploy, the infostealer.
The FBI said the malware was used in at least 1.7 million instances since late 2023, and resulted in roughly 10 million infections. These infections resulted in losses of more than $36 million in 2023 alone. The DoJ is now offering a bounty of $10 million for information on cyberattacks against US infrastructure, conducted by foreign state-sponsored threat actors.
Lumma was involved in many high-profile cybercriminal cases, including the attack against Schneider Electric that happened in early November 2024. In that instance, as researchers from Hudson Rock found, the criminals behind the attack claimed to have stolen “critical data”, including projects, issues, and plugins, along with 400,000 rows of user data, totaling more than 40GB of compressed data.
The same infostealer was apparently also used to steal credentials that were later leveraged to break into people’s Snowflake cloud storage accounts, triggering one of the bigger supply chain attacks in recent times.
Via The Register