DoJ & Microsoft Dismantle LummaC2 Malware Infrastructure in Landmark Cybercrime Crackdown
- OpusDatum
- 1 day ago

In a decisive move against one of the world’s most prolific information-stealing malware networks, the United States Department of Justice has seized five internet domains linked to the LummaC2 operation. This court-authorised action, supported by the FBI and coordinated with Microsoft, marks a significant disruption of a cybercrime ecosystem responsible for millions of global attacks targeting sensitive personal and financial information.
LummaC2: A Global Cyber Threat
LummaC2 has emerged as a dominant infostealer on underground criminal forums, distributing malware designed to capture browser data, autofill content, email and banking credentials, and cryptocurrency wallet seed phrases. According to court documents, the FBI has linked LummaC2 to at least 1.7 million cases of data theft, highlighting its reach and the scale of harm inflicted on individuals and businesses worldwide.
Cybercriminals used the now-seized domains, referred to as “user panels”, as gateways to deploy and manage LummaC2. These control panels were essential for affiliates and malware operators to execute cyberattacks and harvest stolen data. After the first two domains were taken down on 19 May 2025, the operators rapidly created three new domains, which were seized by law enforcement the following day, illustrating both the resilience of the threat actors and the agility of the Justice Department’s response.
Public-Private Collaboration Proves Critical
This operation reflects a growing trend in cybercrime prevention—strategic coordination between government agencies and the private sector. Microsoft independently initiated a civil action to dismantle a further 2,300 domains associated with LummaC2 or its proxies, significantly expanding the reach of the disruption.
Leaders from the Justice Department emphasised that dismantling infrastructure like LummaC2 not only disrupts criminal enterprises but also acts as a deterrent to similar operations. Sue J. Bai of the National Security Division praised the collaborative approach, stating that such actions “protect us from the persistent cybersecurity threats targeting our country”.
Cybercrime Disruption as a Legal Priority
The FBI’s Cyber Division reaffirmed its commitment to targeting the foundational services that cybercriminals depend on. Assistant Director Bryan Vorndran noted that the takedown of LummaC2’s infrastructure sends a clear message to threat actors relying on such platforms.
In tandem with this enforcement action, the U.S. State Department’s Rewards for Justice programme is offering up to $10 million for information on foreign government-linked individuals engaged in cyberattacks against U.S. critical infrastructure.