US and European Authorities Dismantle Global Hacking Tool in Major Cybercrime Crackdown

In a significant international operation, U.S. and European authorities have dismantled a powerful hacking tool known as Lumma, which has been widely used by cybercriminals to carry out ransomware attacks, banking thefts, and other digital crimes across the globe.

The U.S. Department of Justice announced Wednesday that it had successfully seized computer infrastructure used to operate Lumma, while Microsoft secured a court order to take down or disable over 2,300 web domains linked to the tool. According to Microsoft, the malware had infected approximately 394,000 Windows-based systems worldwide in just the past two months.

Lumma has been a favored weapon among cybercriminals, targeting a broad range of institutions, including airlines, hospitals, universities, banks, and even U.S. state governments. High-profile victims include several Fortune 500 companies. In 2023 alone, the tool was responsible for $36.5 million in credit card fraud, according to Brett Leatherman, deputy assistant director of the FBI’s cyber division.

“This is part of a greater law enforcement investigation into the group behind Lumma, and we hope that this will also fracture trust within the ecosystem itself,” Leatherman told reporters.

Despite the crackdown’s success, officials acknowledged a key obstacle: Lumma’s lead developer is reportedly based in Russia, where he markets different levels of access to the tool on Telegram and other Russian-language forums, with prices ranging from $250 to $1,000.

Historically, U.S. prosecutors have charged multiple Russian nationals with cyber offenses, but extradition has remained difficult. Russian diplomats often resist efforts to transfer suspects to the U.S., and many charged individuals remain beyond reach. Leatherman declined to confirm whether the FBI had identified the developer’s exact location or shared that intelligence with Russian authorities.

Still, officials emphasized that their strategy focuses not just on arresting individual hackers but on disrupting the broader cybercrime ecosystem.

“Regardless of where these individuals sit, even if we can’t charge them with criminal conduct, our victim-centric approach is really focused on targeting that underlying ecosystem … because it brings relief to victims,” Leatherman said.

The operation was coordinated with Europol, multiple U.S. and European technology companies, and a Japanese cybersecurity group. The collaborative effort reflects a growing trend of public-private partnerships aimed at combating global cyber threats.

Wednesday’s action marks a major blow against a digital underworld that has flourished in recent years, reminding cybercriminals that the global cybersecurity community is both vigilant and capable of striking back.

Written by Rodney Mbua