On May 21, 2025, the United States Department of Justice (“DOJ”) announced that it had obtained warrants authorizing the seizure of five internet domains used to operate a family of malware known as LummaC2, also referred to as LummaStealer (“Lumma”), which targets customers of the Windows operating system developed by Microsoft Corporation (“Microsoft”). The warrants were part of a global effort, led by Microsoft, to take down Lumma. According to a recent blog post by Microsoft, between March 16 and May 16, 2025, Microsoft identified over 394,000 Windows computers throughout the world infected by Lumma. Europol’s European Cybercrime Center and Japan’s Cybercrime Control Center used this information to prevent Lumma from communicating with infected computers through their infrastructures. In addition, Microsoft filed a civil action in Georgia against Lumma’s operators—as well as marketers and end users—in which Microsoft obtained a temporary restraining order (“TRO”) requiring third parties owning or operating domains believed to be controlled by Lumma to give Microsoft control of the domains and to take other actions to prevent Lumma from operating and misusing victims’ data.
Author: Emily Burgess
Emily Burgess counsels clients in white collar and complex commercial disputes. She has experience representing individuals in regulatory investigations conducted by the Securities and Exchange Commission, U.S. Department of Justice, and state law enforcement agencies, and has been a member of litigation teams that tried cases to verdict in both state and federal courts. Emily’s clients are in a variety of industries, including finance and health care.