
The Justice Department recently unsealed two warrants that authorize the seizure of five internet domains used by malicious cyber actors to operate the LummaC2 information-stealing malware service.
LummaC2’s administrators used the seized websites to distribute LummaC2, an information-stealing malware, to their affiliates and other cyber criminals, according to the affidavits filed with the seizure warrants. The malware targeted autofill information, banking services, browser data, cryptocurrency seed phrases, and email. The Federal Bureau of Investigation (FBI) identified at least 1.7 million instances where LummaC2 was used to steal information.
The government seized two domains on May 19. The LummaC2 administrators informed their users of three new domains that would host the user panel, and the government seized those on May 21.
Visitors to the seized websites see a message indicating that the site has been seized by the Justice Department.
FBI’s Dallas Field Office is investigating while the National Security Division’s National Security Cyber Section, the U.S. Attorney’s Office for the Northern District of Texas, and the Criminal Division’s Computer Crime and Intellectual Property Section are handling the case.
The U.S. Department of State’s Rewards for Justice program offers a reward of up to $10 million for information on foreign government-linked individuals participating in certain malicious cyber activities against critical U.S. infrastructure.