Global Cybersecurity Coalition Dismantles LummaC2 Malware
A collaborative effort by international cybersecurity agencies and tech giants has dealt a significant blow to the malware industry. LummaC2, a popular malware-as-a-service (MaaS) infostealer, had its operations disrupted this week. The action involved seizing over 1,000 domains and shutting down numerous Telegram channels and Steam profiles supporting its infrastructure.
LummaC2, which has been active since late 2022, targets Windows systems to steal sensitive data from various applications. Its command-and-control infrastructure is sophisticated, featuring a first tier of frequently changing domains, a secondary fallback mechanism using Steam profiles, and potentially a Telegram channel URL. The malware's popularity among threat actors has been attributed to a gap in the infostealer scene following the takedown of the Redline and Meta stealers.
The coordinated action was carried out by a coalition including Bitsight TRACE, Microsoft DCU, ESET, Lumen's Black Lotus, CleanDNS, Cloudflare, and Europol. Bitsight, in collaboration with Microsoft's Digital Crimes Unit since mid-2024, has been working to dismantle Lumma Stealer, the predecessor of LummaC2. The operation led to the seizure of over 1,000 domains and more than 90 Telegram channels and Steam profiles supporting LummaC2's infrastructure. Indicators of compromise (IOCs) for LummaC2 are now available in CSV, MISP, and STIX2 formats.
The disruption of LummaC2's operations is expected to have a significant impact on the threat landscape, hampering criminal activity and making it harder for threat actors to operate. While the identity of the person behind LummaC2 remains unknown, the collaborative effort by international agencies and tech companies serves as a reminder of the importance of global cooperation in cybersecurity.