A broad coalition of technology partners and law enforcement agencies, spearheaded by Microsoft's Digital Crimes Unit (DCU), has disrupted the dangerous Lumma Stealer malware-as-a-service (MaaS) operation, which played a key role in the arsenals of multiple cyber criminal gangs, including ransomware crews.
Using a court order granted in the US District Court for the Northern District of Georgia earlier in May, the DCU and its posse seized and took down approximately 2,300 malicious domains that formed the backbone of the Lumma operation.
“Lumma steals passwords, credit cards, bank accounts and cryptocurrency wallets, and has enabled criminals to hold schools to ransom, empty bank accounts and disrupt critical services,” said DCU assistant general counsel Steven Masada.
At the same time, the US Department of Justice (DoJ) seized the MaaS central command structure and targeted the underground marketplaces where access was sold, while Europol's European Cybercrime Centre (EC3) and Japan's Cybercrime Control Center (JC3) went after locally hosted infrastructure.
Europol EC3 head Edvardas Šileris said: “This operation is a clear example of how public-private partnerships are transforming the fight against crime. By combining Europol's capability with Microsoft's technical insights, a vast criminal infrastructure has been disrupted.”
In a blog post detailing the takedown, Masada said that over a two-month period, Microsoft had identified more than 394,000 Windows computers that had been infected by Lumma. These machines have now been “freed”, with communications between Lumma and its victims severed.
At the same time, about 1,300 domains seized by or transferred to Microsoft, including 300 actioned by Europol, are now redirecting to Microsoft-operated sinkholes.
“This will allow Microsoft's DCU to provide actionable intelligence to continue to harden the security of the company's services and help protect online users,” said Masada. “These insights will also assist public- and private-sector partners as they continue to track, investigate and remediate this threat.
“This joint action is designed to slow the speed at which these actors can launch their attacks, minimise the effectiveness of their campaigns, and hinder their illicit profits by cutting a major revenue stream.”
Lumma chameleon
The Lumma Stealer MaaS first appeared on the underground scene about three years ago and has been under near-continuous development since then.
Based out of Russia, and run by a primary developer who goes by the handle “Shamel”, Lumma offers four tiers of service, starting from $250 (£186) and rising to an eye-popping $20,000, for which customers receive access to Lumma's stealer and panel source code, the source code for plugins, and the right to act as a reseller.
When deployed, the goal is typically to monetise stolen data or conduct further exploitation. Like a chameleon, it is difficult to spot and can slip past many security defences unseen. To lure its victims, Lumma spoofs trusted brands, including Microsoft, and spreads through phishing and malvertising.
As such, it has become something of a go-to tool for many, and is known to have been used by many of the world's more notorious cyber crime collectives, including ransomware gangs. Its customers likely included, at one time, Scattered Spider, the group thought to be behind the ransomware attack on Marks & Spencer in the UK, although there is no public evidence to suggest it was used in this incident.
Blake Darché, head of Cloudforce One at Cloudflare, which provided key support during the takedown, said: “Lumma goes into your web browser and harvests every single piece of information on your computer that [...] dollars or accounts, with the victim profile being everyone, anywhere, at any time.
“The threat actor behind the malware targets hundreds of victims daily, grabbing anything it can get its hands on. [...] of domain names and ultimately blocking their ability to make money by committing cyber crime.
“While this effort threw a sizeable wrench into the largest global infostealer's infrastructure, like any threat actor, those behind Lumma will shift tactics and re-emerge online,” said Darché.