Europol and Microsoft Disrupt World’s Largest Infostealer

Europol, in collaboration with Microsoft, has successfully disrupted Lumma Stealer (“Lumma”), considered the world’s largest infostealer threat. This joint operation targeted the sophisticated ecosystem utilized by criminals to exploit stolen information on a massive scale. Between March and May 2025, Microsoft identified over 394,000 Windows computers globally infected by the Lumma malware. In a coordinated effort, Microsoft’s Digital Crimes Unit, Europol, and international partners disrupted Lumma’s technical infrastructure, severing communication between the malicious tool and victims. Additionally, over 1,300 domains seized or transferred to Microsoft, including 300 domains actioned by law enforcement with Europol’s support, will be redirected to Microsoft sinkholes.

Lumma was a sophisticated tool that enabled cybercriminals to collect sensitive data from compromised devices, including credentials, financial information, and personal data. This information was then sold through a dedicated marketplace, making Lumma a central tool for identity theft and fraud globally. The Lumma marketplace provided cybercriminals with user-friendly access to advanced data-stealing capabilities, establishing it as a preferred choice for those seeking to exploit personal and financial data.

Europol played a pivotal role in Europe by facilitating intelligence sharing and coordination among Member States. With critical information provided by Microsoft, Europol’s European Cybercrime Centre enriched the data and offered Member States a comprehensive view of the threat landscape. By ensuring prompt dissemination of intelligence to impacted Member States, Europol enabled a swift response to the threat. The United States Department of Justice seized the Lumma control panel, while Microsoft’s collaboration with Japan’s Cybercrime Control Center led to the suspension of Lumma infrastructure in Japan, further dismantling the criminal network.

The successful operation highlights Europol’s commitment to enhancing security through public-private partnerships in combating cybercrime. By leveraging the technical expertise of the private sector and the operational capabilities of law enforcement, Europol can disrupt cybercriminal operations effectively. This collaboration with Microsoft was conducted under Article 26 of Europol’s Regulation, showcasing the agency’s ability to collaborate with private entities for the prevention and combat of serious crimes.