US and European authorities have seized computer systems used by hackers to access a sophisticated hacking tool called Lumma, which has been involved in high-profile cybercrimes, including ransomware attacks and bank thefts. Microsoft took offline approximately 2,300 web domains linked to this activity. Around 394,000 computers worldwide running Windows software were found to be infected by Lumma, which has been used to target various institutions, including airlines, universities, banks, and hospitals, resulting in credit card losses of .5 million in 2023. The primary developer of Lumma is based in Russia, where he markets the tool on platforms like Telegram, charging between and ,000. The law enforcement operation involved Europol and several tech firms and aims to disrupt the ecosystem supporting cybercrime.
US and European authorities have taken significant steps to dismantle a sophisticated hacking tool that has been instrumental in a series of high-profile cybercrimes, including ransomware attacks and bank thefts. On Wednesday, the US Justice Department announced the seizure of the computer systems utilized by hackers to access the tool, known as Lumma. Concurrently, Microsoft executed a court order to take offline approximately 2,300 web domains associated with this cybercriminal activity.
Impact on Cybercrime
This coordinated effort represents a substantial setback for a global hacking enterprise that has proliferated over the past two months. Microsoft reported discovering around 394,000 computers worldwide running Windows software infected by Lumma. The tool has been leveraged to target a range of institutions, from airlines and universities to banks and hospitals, with several Fortune 500 companies also falling victim. Brett Leatherman, the FBI’s deputy assistant director for cyber operations, revealed that Lumma-related attacks resulted in credit card losses totaling .5 million in 2023 alone.
However, the crackdown faces challenges, particularly where Russian sovereignty is involved. Analysts from Microsoft have identified the primary developer of Lumma as being based in Russia, where he markets various access levels to the tool on platforms like Telegram and other Russian-language forums, charging between 0 and ,000.
The US has previously charged numerous Russian hackers with serious cyber offenses against American entities, yet only a fraction of these individuals have been brought to trial in the US. Russian diplomats have consistently opposed the extradition of accused cybercriminals, complicating efforts to hold them accountable.
When asked whether the FBI believes Lumma’s lead developer is currently in Russia, Leatherman refrained from providing specific details, stating, “Regardless of where these individuals sit, even if we can’t charge them with criminal conduct, our victim-centric approach is really focused on targeting that underlying ecosystem … because it brings relief to victims.”
The law enforcement operation was a collaborative effort involving Europol, several American and European tech firms, and a Japanese organization. This strategy underscores a growing trend in combating cybercrime, leveraging the extensive reach of software companies within the global economy.
Leatherman emphasized the broader implications of this investigation, stating, “This is part of a greater law enforcement investigation into the group [behind Lumma], and we hope that this will also fracture trust within the ecosystem itself.”