×
ItalianoEnglish
Set as default language

Grandangolo Communications

  • Home
  • Company
  • Services
    • Public Relation
    • Digital PR
    • Marketing
    • Lead Generation
    • Events
  • Best Practice
  • Customer Press Room
  • Contacts
  • Languages
  • Home
  • Customer Press Room
  • Eset
  • ESET participates in a global operation to dismantle Lumma Stealer, one of the most widespread infostealers

Customer Press Room

ESET participates in a global operation to dismantle Lumma Stealer, one of the most widespread infostealers

by Grandangolo Communications / Thursday, 05 June 2025 / Published in Eset

Led by Microsoft, the operation largely disabled the botnet by targeting C&C servers. ESET provided technical analysis and data extracted from thousands of samples

ESET, a global European leader in the cybersecurity market, has collaborated with Microsoft, BitSight, Lumen, Cloudflare, CleanDNS and GMO Registry on an international operation aimed at dismantling Lumma Stealer, a notorious infostealer offered in Malware-as-a-Service mode. The operation targeted Lumma Stealer's infrastructure, specifically all known C&C servers from the past year, largely rendering the botnet inactive.

"ESET's automated systems analyzed tens of thousands of Lumma Stealer samples, extracting key elements such as C&C servers and affiliate identifiers. This allowed us to constantly monitor Lumma Stealer activity, group affiliates, track code updates, and more," explains Jakub Tomanek, ESET Lumma Stealer researcher. "Infostealer families like Lumma Stealer are often just the precursor to much more serious attacks. Stolen credentials are a valuable commodity in cybercrime, sold by initial access brokers to other cybercriminals, including affiliates of ransomware groups," adds Tomanek. Over the past two years, Lumma Stealer has been among the most popular infostealers globally, sparing no geographic area.

Its developers have continued to actively update and maintain the code with changes ranging from simple bug fixes to complete changes in string encryption and networking protocol. The shared infrastructure of the botnet was also actively managed by the operators. Between June 17, 2024 and May 1, 2025, ESET identified 3,353 unique C&C domains, averaging approximately 74 new domains per week, including occasional updates to Telegram-based resolvers. This continuous evolution demonstrates the dangerousness of the threat and the importance of the dismantling intervention.

Lumma Stealer adopts a Malware-as-a-Service model, in which affiliates pay a monthly subscription, divided into tiers, to receive updated versions of the malware and the infrastructure necessary for data exfiltration. Prices range from $250 to $1000 per month, depending on the level of functionality. The operators have also created a marketplace on Telegram, equipped with a rating system, to sell the stolen data without intermediaries. The most common distribution methods include phishing campaigns, pirated software and other malicious downloaders. Lumma Stealer employs a few but effective anti-emulation techniques to make malware analysis as complex as possible, hindering researchers' activities.

Microsoft's Digital Crimes Unit has coordinated the removal, the suspension, seizure and blocking of the malicious domains that formed the backbone of the Lumma Stealer infrastructure, thanks to an order of the United States District Court for the Northern District of Georgia. In parallel, the United States Department of Justice seized the malware's control panel and directly affected the Lumma Stealer marketplace and its buyers. The operation was also coordinated with Europol (European Cybercrime Center - EC3) and the Japan Cybercrime Control Center (JC3), which facilitated the blocking of local infrastructure.

"The operation was made possible by our constant monitoring of Lumma Stealer. The intervention, led by Microsoft, aimed at seizing all known C&C domains, rendering the infrastructure non-functional. ESET will however continue to monitor other infostealers and closely observe any residual activity of Lumma Stealer", concludes Tomanek.

For an in-depth analysis of the Lumma Stealer ecosystem, a detailed technical analysis and an overview of the evolution of its main static and dynamic characteristics, the post on the ESET Research blog entitled "ESET takes part in global operation to disrupt Lumma Stealer” on WeLiveSecurity.com. To stay updated on the latest news you can follow ESET Research on X (formerly known as Twitter), BlueSky e Mastodon.

About Grandangolo Communications

What you can read next

ESET Research: Chinese group PlushDaemon compromises network devices to conduct adversary-in-the-middle attacks
ESET Research discovers watering hole attacks on Middle Eastern websites linked to Candiru spyware
ESET: Gamaredon and Turla, groups linked to the Russian Federal Security Service, collaborate to target high-profile entities in Ukraine

Customer Press Room

  • Arrow Electronics has been awarded by Equinix as Distributor of the Year 2025 for the EMEA region

    Arrow Electronics, a global supplier of technology...
  • SentinelOne makes the Purple AI Agentic Investigation solution available to all customers, bringing the latest generation AI directly into the SOC

    The investigations, started autonomously and without need...
  • Acronis TRU reveals the ongoing evolution of the INC ransomware group

    A recent report published by Acronis Threat ...
  • ESET Research investigates the Gentlemen ransomware author group and its defense evasion tools

    The Gentlemen Group develops, maintains and supplies...
  • Imprivata presents the Agentic Identity Management solution to protect and govern the access of AI agents

    Imprivata, a leading company in Ac...

Archives

  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018

Categories

  • A10
  • Abstract
  • abstract
  • Acronis
  • Ally Consulting
  • Arrow
  • Arrow Electronics
  • Axiante
  • Babel
  • Computer Center
  • Cohesity
  • Italy Cloud Consortium
  • Consys
  • D-Link
  • Eset
  • G.B. Service
  • Habble
  • HiSolution
  • HYCU
  • Icos
  • Imprivate
  • Information Tecnology
  • Innovaway
  • Ivanti
  • Link11
  • MobileIron
  • Netalia
  • Nethive
  • Nexthink
  • Nuvis
  • Praim
  • QAD
  • Qualys
  • Red Hot Cyber
  • Riverbed
  • Saviynt
  • Sensormatic
  • SentinelOne
  • Talent Software
  • Vectra
  • Vectra AI
  • Vertiv

Office printing, digital PR, marketing, lead generation: all projects are born from our passion and expertise, with an inevitable touch of creativity and innovation.

COMPANY

Grandangolo Communications Srl
Via Sardegna 19
20146 Milano
Telephone +39 335 8283393
info@grandangolo.it

I SERVIZI

  • Home
  • Company
  • Services
  • Best Practice
  • Customer Press Room
  • Contacts
  • Languages

CONTACTS

  • Contacts
  • Cookie policy
  • Privacy policy

© 2019 GRANDANGOLO COMMUNICATIONS SRL | P.IVA IT 06394850967 | All rights reserveD.

Powered by Webpowerplus

TOP