Inside Microsoft’s Global Operation to Disrupt Lumma Stealer’s 2,300-Domain Malware Network

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Richard Boscovich and Derek Richardson from Microsoft’s Digital Crimes Unit to unpack the global takedown of Lumma Stealer, one of the world’s largest infostealer malware operations. They discuss how creative legal tools like RICO and centuries-old trespass laws, deep collaboration with global partners, and innovative technical strategies came together to seize 2,300 domains and protect nearly 400,000 victims. The episode explores how the DCU is shifting toward persistent, cost-imposing disruption of cybercrime as a service, and what this means for defenders everywhere. 

In this episode you’ll learn:      

• How Microsoft took down one of the world’s largest infostealer malware operations 

• The global partnerships with Europol, Japan, and private companies in cyber takedowns 

• What happens to stolen victim data during a takedown operation 

Some questions we ask:     

• How did you first identify Lumma as a high-priority threat? 

• Is persistent disruption now the new normal for DCU operations? 

• Do you see more operations like this coming from DCU in the future? 

Resources:  

View Richard Boscovich on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

Disrupting Lumma Stealer: Microsoft Leads Global Action Against Favored Cybercrime Tool 

Related Microsoft Podcasts:                   

• Afternoon Cyber Tea with Ann Johnson 

• The BlueHat Podcast 

• Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.