In a major global operation, Europol and Microsoft have taken down what is being described as the world’s largest infostealer network — Lumma Stealer — marking one of the most significant cybercrime takedowns of the year.
The coordinated effort involved law enforcement agencies across Europe, the United States Department of Justice, and Japan’s Cybercrime Control Center. It highlights how international collaboration between public authorities and private tech firms is increasingly vital in combating sophisticated digital threats.
Between 16 March and 16 May 2025, Microsoft identified more than 394,000 Windows devices globally infected by Lumma malware. The infostealer was used by cybercriminals to harvest sensitive data such as login credentials, cryptocurrency wallet details, and personal identification information, which was then sold on underground marketplaces.
This week, in a synchronized move, Microsoft’s Digital Crimes Unit (DCU), Europol, and global partners disrupted Lumma’s infrastructure — severing its ability to communicate with infected systems.
Over 1,300 malicious domains linked to the malware were either seized or transferred to Microsoft. Of these, 300 were acted upon by law enforcement with Europol’s support, and will now be redirected to secure “sinkholes” managed by Microsoft to neutralize the threat.
Edvardas Šileris, Head of Europol’s European Cybercrime Centre, said:
“This operation is a clear example of how public-private partnerships are transforming the fight against cybercrime. By combining Europol’s coordination capabilities with Microsoft’s technical insights, a vast criminal infrastructure has been disrupted. Cybercriminals thrive on fragmentation – but together, we are stronger.”
Lumma operated both as a tool and a marketplace. Criminals could purchase access to the malware and deploy it with ease, harvesting data from victims’ devices and feeding it into an expansive illicit economy. Its widespread use and accessibility made it a preferred choice for cybercriminals looking to exploit personal and financial data at scale.
Europol played a central role in intelligence sharing and deconfliction, ensuring that overlapping investigations across EU Member States were effectively coordinated.
In parallel, the United States Department of Justice seized the Lumma control panel, a key component of the criminal infrastructure. Meanwhile, cooperation between Microsoft and Japan’s Cybercrime Control Center led to the suspension of Lumma-related servers based in Japan.
“This operation demonstrates Europol’s strategy of delivering security through public-private partnerships,” Europol stated. “In an increasingly interconnected world, the fight against cyber threats cannot be won by law enforcement alone.”
Microsoft works closely with Europol under Article 26 of Europol’s Regulation, which allows the agency to collaborate with private parties to combat serious crime. Microsoft is also a member of Europol’s Advisory Group on Internet Security, which supports efforts to counter cyber threats at a strategic level.
As cybercriminal operations grow more complex, so too must the alliances formed to stop them. The dismantling of Lumma shows how global coordination — between governments, law enforcement, and the private sector — can disrupt even the most entrenched digital threats.